linkfox-shopee-store-public

Warn

Audited by Socket on Jul 16, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS: the skill's Shopee-related capabilities fit its stated purpose, but it sends OAuth and partner data through a LinkFox intermediary instead of direct Shopee endpoints, and it can trigger installation of another skill from a ZIP archive. This is not confirmed malware, but the proxy-based data flow and transitive skill installation create a meaningful security and trust risk.

Confidence: 86%Severity: 72%
Audit Metadata
Analyzed At
Jul 16, 2026, 08:09 AM
Package URL
pkg:socket/skills-sh/linkfox-ai%2Flinkfox-skills%2Flinkfox-shopee-store-public%2F@8aa4ff8d43f63a0229b04e39113f1204d2d39d79ed45da28d436f51331d9682b