知了标讯 (Zhiliao Biaoxun): Nationwide Tender and Bid Award Data Platform

Advisory

Audited by static analysis on May 9, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may call this provider for broad procurement-related questions, which can send query details externally and consume API quota.

Why it was flagged

The skill explicitly directs the agent to use it for a broad set of tender, procurement, supplier, competitor, and market-analysis scenarios, even when the user does not name the provider.

Skill content

Whenever the user's request involves any of the following scenarios, this SKILL must be used... even if the user does not mention 「知了标讯」... this SKILL should be used.

Recommendation

Install only if you want this provider used for those scenarios; ask the agent to confirm before use when queries are sensitive or ambiguous.

What this means

Ambiguous company names may lead to overbroad analysis, unintended entities in results, or extra quota-consuming API calls.

Why it was flagged

The company-search workflow tells the agent to automatically expand a company name to headquarters and branches and use all matched entities in follow-up queries without stopping for user confirmation.

Skill content

Match automatically, no user confirmation needed... use all matched companies (headquarters + regional subsidiaries and branches) together in subsequent queries, without interrupting the user's flow.

Recommendation

For ambiguous company names or cost-sensitive work, ask the agent to show matched companies and get confirmation before running deeper analysis.

What this means

Anyone or any agent flow with access to the key may use the associated service quota or account privileges.

Why it was flagged

The skill requires a provider API key and sends it in request headers; this is declared and purpose-aligned, but it is still a sensitive credential.

Skill content

Headers: X-API-Key: $ZLBX_API_KEY ... API Key: from the environment variable `ZLBX_API_KEY` - read from the Agent configuration file.

Recommendation

Use a dedicated ZLBX key, store it securely, monitor quota usage, and rotate or revoke it if it is exposed.

What this means

The provider may receive business queries or project/company names that could be sensitive in some organizations.

Why it was flagged

The skill sends requests to an external provider endpoint. This is disclosed and required for the skill, but it creates a third-party data flow for search terms, company names, and project identifiers.

Skill content

Base URL: `https://mcp-server.zhiliaobiaoxun.com/api_v2/{工具名}` ... Invocation: POST request

Recommendation

Avoid submitting confidential internal procurement plans, non-public supplier lists, or sensitive company strategy unless your organization permits use of this provider.