linkfox-zhihuiya-legal-status
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill connects to 'tool-gateway.linkfox.com' and 'skill-api.linkfox.com' to perform its core functions. These are vendor-owned domains associated with 'linkfox-ai'.
- [COMMAND_EXECUTION]: The Python script 'zhihuiya_legal_status.py' is a standard implementation that uses 'urllib' to make network requests. It does not use dangerous functions like 'os.system' or 'subprocess' for user-controlled inputs.
- [DATA_EXFILTRATION]: Network operations are limited to the vendor's API endpoints. There is no evidence of sensitive local file access (e.g., SSH keys, AWS credentials) or redirection of patent data to unauthorized third parties.
- [CREDENTIALS_UNSAFE]: The skill follows security best practices by reading the API key from an environment variable ('LINKFOXAGENT_API_KEY') rather than hardcoding it in the source code.
Audit Metadata