linkfox-temu-add-product-us

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes numerous Python scripts in the scripts/ directory designed to be executed by the AI agent. These scripts serve as wrappers for Temu API calls and follow standard command-line interface patterns.
  • [EXTERNAL_DOWNLOADS]: The scripts communicate with the vendor's gateway at https://tool-gateway.linkfox.com to fetch product information and upload image data. This is the primary intended functionality of the skill.
  • [DATA_EXFILTRATION]: User-provided Temu accessToken and LinkFox LINKFOX_AGENT_API_KEY are transmitted to the vendor's gateway to authenticate API requests. This transmission is necessary for the tool's operation and targets the vendor's infrastructure.
  • [CREDENTIALS_SAFE]: The skill manages sensitive tokens by retrieving them from environment variables or a local JSON file located at ~/.linkfox/temu-access-tokens.json. It does not contain any hardcoded credentials.
  • [DATA_LOGGING]: The skill implements a logging mechanism in _temu_common.py that saves full API responses to a local linkfox/ directory. This allows for persistent storage of transaction data outside of the immediate agent context, with logic to summarize large outputs to maintain performance.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM