linkfox-shopee-store-public

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill interacts with official vendor endpoints (tool-gateway.linkfox.com) for API proxying and token resolution. All network communication is confined to the vendor's infrastructure and is required for the skill's stated purpose.
  • [COMMAND_EXECUTION]: The script _shopee_public_common.py uses subprocess.run to execute a local dependency checker (check_auth_dependency.py). The command uses a hardcoded path and the current Python interpreter, ensuring the execution is safe and not susceptible to argument injection.
  • [EXTERNAL_DOWNLOADS]: The documentation in SKILL.md includes a link to a vendor-controlled domain (agent-files.linkfox.com) for manual downloading of a missing dependency skill. This is a legitimate maintenance instruction within the vendor's ecosystem.
  • [DATA_EXFILTRATION]: While the skill transmits Shopee-related identifiers and vendor-specific API keys, these operations are performed against the vendor's authenticated API gateway. This is the intended functionality of the skill and does not represent unauthorized data exposure.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM