linkfox-xiyou-dongcha

Pass

Audited by Gen Agent Trust Hub on Jul 16, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes local Python scripts (scripts/xiyou.py and scripts/_xiyou_common.py) to process user requests and interact with the data gateway.
  • [EXTERNAL_DOWNLOADS]: The scripts make network requests to https://tool-gateway.linkfox.com and https://skill-api.linkfox.com. These domains are official resources for the LinkFox service and are required for the skill to fetch Amazon marketplace data and report feedback.
  • [CREDENTIALS_UNSAFE]: No hardcoded credentials or secrets were found. The skill correctly instructs users to provide sensitive API keys and client credentials through environment variables (LINKFOXAGENT_API_KEY, XIYOU_CLIENT_ID, XIYOU_CLIENT_SECRET), ensuring they are not exposed in code or logs.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 16, 2026, 08:08 AM