linkfox-temu-order-eu
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill includes multiple Python scripts (e.g., "scripts/eu_order_list_v2_get.py", "scripts/temu_proxy.py") designed to interface with Temu's APIs. These scripts are invoked via the command line to perform order management tasks.
- [DATA_EXFILTRATION]: Data is transmitted to "https://tool-gateway.linkfox.com/temu/proxy" and "https://tool-gateway.linkfox.com/temu/fileDownload". These domains are recognized as official infrastructure belonging to the vendor, 'linkfox-ai', and are used for the intended purpose of proxying API requests.
- [CREDENTIALS_UNSAFE]: The skill manages sensitive authentication material, including LinkFox API keys and Temu access tokens. It follows security best practices by encouraging the use of environment variables and providing a local token storage mechanism ("~/.linkfox/temu-access-tokens.json") instead of hardcoding secrets.
- [SAFE]: The skill's operations, including network communication with the vendor gateway and local file system access for logging and token management, are consistent with its stated purpose and documented functionality. No malicious patterns such as obfuscation, persistence, or privilege escalation were identified.
Audit Metadata