linkfox-xiyou-dongcha
Pass
Audited by Gen Agent Trust Hub on Jul 16, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local Python scripts (
scripts/xiyou.pyandscripts/_xiyou_common.py) to process user requests and interact with the data gateway. - [EXTERNAL_DOWNLOADS]: The scripts make network requests to
https://tool-gateway.linkfox.comandhttps://skill-api.linkfox.com. These domains are official resources for the LinkFox service and are required for the skill to fetch Amazon marketplace data and report feedback. - [CREDENTIALS_UNSAFE]: No hardcoded credentials or secrets were found. The skill correctly instructs users to provide sensitive API keys and client credentials through environment variables (
LINKFOXAGENT_API_KEY,XIYOU_CLIENT_ID,XIYOU_CLIENT_SECRET), ensuring they are not exposed in code or logs.
Audit Metadata