linkfox-shopee-store-video

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to execute a local Python script check_auth_dependency.py for verifying the presence of required authentication modules. This is a controlled execution of internal skill code and does not pose a security risk.
  • [EXTERNAL_DOWNLOADS]: The skill documentation suggests downloading an onboarding skill from agent-files.linkfox.com if necessary. This domain is owned by the skill vendor (linkfox-ai) and is used for legitimate distribution of related tools.
  • [CREDENTIALS_UNSAFE]: The skill accesses API keys through environment variables (LINKFOX_AGENT_API_KEY, LINKFOXAGENT_API_KEY), which is the recommended secure practice for agent skills. No hardcoded credentials were found.
  • [DATA_EXFILTRATION]: Network communication is restricted to the vendor's official gateway (tool-gateway.linkfox.com) and feedback API (skill-api.linkfox.com). The transmission of shop identifiers and access tokens to these endpoints is essential for the skill's primary function of managing Shopee store videos.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM