Skills
skills/redfox-data/redfox-community/gzh-search-crawler/Gen Agent Trust Hub

gzh-search-crawler

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches article data from the vendor's API at https://redfox.hk/story/api/gzhData/searchArticle. These requests are necessary for the skill's core functionality.
  • [DATA_EXFILTRATION]: The script accesses a service-specific configuration file located at ~/.qoder/apis/redfox.json to retrieve the user's personal API key for authentication. This is a standard method for credential management for the integrated service.
  • [COMMAND_EXECUTION]: The skill uses subprocess.run to invoke the system's default browser to open the locally generated HTML report. The command is targeted at a localhost URL serving the report.
  • [REMOTE_CODE_EXECUTION]: The skill starts a local HTTP server on port 8766. This server acts as a proxy for the HTML report to communicate with the redfox.hk API, bypassing browser-based cross-origin (CORS) restrictions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 07:50 PM
Security Audit — agent-trust-hub — gzh-search-crawler