keyapi-tiktok-shop-creator-discovery

Pass

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill communicates with the official KeyAPI MCP server at mcp.keyapi.ai for all commerce-related data operations.
  • [SAFE]: API authentication is securely managed through environment variables or a local .env file, avoiding hardcoded secrets and following standard security practices.
  • [SAFE]: The Node.js helper script (scripts/run.js) performs tool invocation, caching, and image URL processing using the Model Context Protocol (MCP) SDK without introducing remote code execution or command injection risks.
  • [SAFE]: External data ingested from TikTok Shop APIs is used for reporting and synthesis; while the skill processes untrusted external content, it does not provide high-privilege write capabilities or execution of that data, mitigating indirect prompt injection risks.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 24, 2026, 12:10 PM