linkfox-shopee-store-returns
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local dependency check script (
check_auth_dependency.py) usingsubprocess.run. The implementation is secure as it uses a list for arguments rather than a shell string, effectively preventing command injection. - [DATA_EXFILTRATION]: External communication is restricted to vendor-controlled infrastructure (
tool-gateway.linkfox.com) for proxying Shopee API requests. This is consistent with the skill's stated purpose of managing cross-border e-commerce data. - [CREDENTIALS_UNSAFE]: Sensitive keys are managed correctly by fetching them from designated environment variables (
LINKFOX_AGENT_API_KEY) at runtime. No hardcoded secrets or embedded credentials were found. - [EXTERNAL_DOWNLOADS]: Instructions are provided to download configuration guidelines from a vendor-owned domain (
agent-files.linkfox.com) if local onboarding files are missing. These downloads are legitimate resources from the verified author.
Audit Metadata