地方标讯极速检索-比地招标
AdvisoryAudited by Static analysis on May 9, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can use your Bidizhaobiao/ZhiliaoBiaoxun API quota when running searches.
The skill authenticates to the provider with an API key. This is necessary and disclosed, but it delegates use of the user's provider account and quota to the agent.
Headers: X-API-Key: $ZLBX_API_KEY ... API Key: - 从环境变量 `ZLBX_API_KEY` - 从Agent配置文件中读取。
Use only the intended API key, store it as an environment variable if possible, monitor quota usage, and do not paste the key into chat.
Searches or company-analysis queries may be visible to the external tender-data provider.
The skill sends search parameters such as keywords, regions, company names, and project identifiers to an external provider API. This is disclosed and required for the service.
基础 URL: `https://mcp-server.zhiliaobiaoxun.com/api_v2/{工具名}` ... 调用方式: POST 请求Avoid sending confidential business plans, sensitive private information, or internal-only project details unless you trust the provider's data handling.
A broad company search may include subsidiaries or similarly named entities and may use additional API quota.
The instructions allow the agent to expand a company query to related headquarters and subsidiaries without pausing for confirmation. This can broaden read-only queries and consume more API calls, but it is disclosed and aligned with company/group analysis.
自动匹配,无需用户确认 ... 将所有匹配公司(总部+各地分子公司)一并用于后续查询
When accuracy or cost matters, ask the agent to show and confirm matched companies before running follow-up searches.