linkfox-shopee-store-voucher

Fail

Audited by Snyk on Jul 16, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to obtain an accessToken and forward requests via POST /shopee/developerProxy and also to write and print full API responses (or full JSON with --inline), which forces handling and potentially outputting secret values (access tokens / API keys) verbatim.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). One URL is suspicious because it instructs downloading and installing a ZIP release (agent-files.linkfox.com/skills/linkfox-onboarding/release.zip) — a direct archive installer distributed outside standard package managers, matching high-risk distribution patterns for executable delivery.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

E005
CRITICAL

Suspicious download URL detected in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 16, 2026, 08:10 AM
Issues
2