Sorftime Product Search
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a legitimate Sorftime/Amazon product search helper, with cautions that it uses a LinkFox API key and documents a separate feedback endpoint.
Before installing, be comfortable setting a LinkFox API key and having product-search queries sent to LinkFox/Sorftime. Avoid including confidential information in feedback. No evidence of malware, persistence, destructive behavior, or hidden local data access was found in the provided artifacts.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Queries will run under the user's LinkFox API key and may consume that account's quota or permissions.
The helper reads a LinkFox API key from the environment and sends it as the Authorization header. This is expected for a LinkFox/Sorftime API integration, but the registry metadata does not declare a required credential or env var.
key = os.environ.get("LINKFOXAGENT_API_KEY") ... "Authorization": api_keyOnly provide a LinkFox API key you intend this skill to use, monitor/revoke it if needed, and ask the publisher to declare LINKFOXAGENT_API_KEY in metadata.
If used, feedback submissions could send parts of the user's request or experience to LinkFox.
The reference file documents a separate public feedback endpoint that could transmit user feedback or intent details outside the main product-search API. The provided code does not automatically call it.
POST https://skill-api.linkfox.com/api/v1/public/feedback ... "content": Include what the user said or intended
Submit feedback only intentionally, avoid confidential details, and prefer explicit user consent before sending conversation-derived content.