linkfox-shopee-store-voucher
Fail
Audited by Snyk on Jul 16, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to obtain an accessToken and forward requests via POST /shopee/developerProxy and also to write and print full API responses (or full JSON with --inline), which forces handling and potentially outputting secret values (access tokens / API keys) verbatim.
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.70). One URL is suspicious because it instructs downloading and installing a ZIP release (agent-files.linkfox.com/skills/linkfox-onboarding/release.zip) — a direct archive installer distributed outside standard package managers, matching high-risk distribution patterns for executable delivery.
Issues (2)
W007
HIGHInsecure credential handling detected in skill instructions.
E005
CRITICALSuspicious download URL detected in skill instructions.
Audit Metadata