linkfox-zhihuiya-claim-data-translated
Warn
Audited by Socket on Jul 16, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS: the core claim-translation purpose is coherent, but the trust boundary is broader than stated. The skill routes credentials and query data through LinkFox-managed services, stores full responses locally by default, and may trigger transitive installation of another skill from an unsigned remote ZIP. This is not confirmed malware, but the install trust and data-flow design are higher risk than a narrowly scoped direct API integration.
Confidence: 82%Severity: 74%
Audit Metadata