linkfox-shopee-store-returns

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local dependency check script (check_auth_dependency.py) using subprocess.run. The implementation is secure as it uses a list for arguments rather than a shell string, effectively preventing command injection.
  • [DATA_EXFILTRATION]: External communication is restricted to vendor-controlled infrastructure (tool-gateway.linkfox.com) for proxying Shopee API requests. This is consistent with the skill's stated purpose of managing cross-border e-commerce data.
  • [CREDENTIALS_UNSAFE]: Sensitive keys are managed correctly by fetching them from designated environment variables (LINKFOX_AGENT_API_KEY) at runtime. No hardcoded secrets or embedded credentials were found.
  • [EXTERNAL_DOWNLOADS]: Instructions are provided to download configuration guidelines from a vendor-owned domain (agent-files.linkfox.com) if local onboarding files are missing. These downloads are legitimate resources from the verified author.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM