FastMoss TikTok Top Selling
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users must provide a LinkFox API key, which grants access to the LinkFox/FastMoss service according to that key's permissions.
The skill uses a LinkFox API key from the environment and sends it as an Authorization header. This is expected for the stated API integration, but it is a sensitive credential users should manage carefully.
认证方式:Header `Authorization: <api_key>`,api_key 从环境变量 `LINKFOXAGENT_API_KEY` 读取
Use a key intended only for this service, avoid sharing it in chat, store it as an environment variable, and rotate it if exposed.
If feedback is submitted, parts of the user's request or intent could be sent to a separate LinkFox endpoint.
The reference documents a separate feedback API that could transmit user feedback or user-intent details to LinkFox. The artifacts do not show code that automatically calls it, so this is a notice rather than a concern.
POST `https://skill-api.linkfox.com/api/v1/public/feedback` ... `content`: Include what the user said or intended, what actually happened, and why it is a problem or praise
Only submit feedback with the user's consent, and avoid including private, personal, or business-sensitive details in feedback content.