linkfox-temu-ads-global

Warn

Audited by Socket on Jul 16, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

SUSPICIOUS. The skill’s ads purpose is plausible, but its actual data flow is centered on a LinkFox intermediary that receives both LinkFox and Temu credentials instead of calling official Temu partner endpoints directly. The fallback ZIP-installed onboarding skill adds transitive trust and unverifiable installer risk. This looks more like a managed gateway integration than outright malware, but the credential routing and install chain make it high risk.

Confidence: 90%Severity: 84%
Audit Metadata
Analyzed At
Jul 16, 2026, 08:10 AM
Package URL
pkg:socket/skills-sh/linkfox-ai%2Flinkfox-skills%2Flinkfox-temu-ads-global%2F@ae05e8e22a053d7f6fce3b4b882e430db0f22f1b9ad2f65e1c43741a8de473c9