linkfox-shopee-store-public
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill interacts with official vendor endpoints (
tool-gateway.linkfox.com) for API proxying and token resolution. All network communication is confined to the vendor's infrastructure and is required for the skill's stated purpose. - [COMMAND_EXECUTION]: The script
_shopee_public_common.pyusessubprocess.runto execute a local dependency checker (check_auth_dependency.py). The command uses a hardcoded path and the current Python interpreter, ensuring the execution is safe and not susceptible to argument injection. - [EXTERNAL_DOWNLOADS]: The documentation in
SKILL.mdincludes a link to a vendor-controlled domain (agent-files.linkfox.com) for manual downloading of a missing dependency skill. This is a legitimate maintenance instruction within the vendor's ecosystem. - [DATA_EXFILTRATION]: While the skill transmits Shopee-related identifiers and vendor-specific API keys, these operations are performed against the vendor's authenticated API gateway. This is the intended functionality of the skill and does not represent unauthorized data exposure.
Audit Metadata