Suning Bangke Appointment Booking Service

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If confirmed, the agent may submit a real repair/service appointment request using the provided details.

Why it was flagged

The skill instructs the agent to make a production POST request that may create a service reservation. This is purpose-aligned and gated on user confirmation, but it is still an external action the user should notice.

Skill content

Step 3: Submit the appointment (if the user confirms)
Use a POST request to submit the data to the Suning Bangke appointment endpoint:
https://asapps.suning.com/asapps/mcp/serviceReserveNew

Recommendation

Only submit after explicit user confirmation, and make clear that this may create a real service request.

What this means

The user’s contact number and repair issue may be shared with the external booking service.

Why it was flagged

The skill sends the user’s phone number and repair description to an external service endpoint. This data flow is disclosed and necessary for the booking purpose, but it involves personal information crossing a service boundary.

Skill content

Request body parameters:
phone=<mobile phone number>
serviceDescription=<fault description>

Recommendation

Tell users exactly what information will be sent and submit only the minimum necessary details.

What this means

Users could overestimate the privacy guarantees of the submission method.

Why it was flagged

The privacy note correctly favors POST over URL query parameters, but it overstates the protection because request bodies can still be logged by servers, proxies, tools, or command histories depending on implementation.

Skill content

Avoids sensitive data being recorded in server logs, browser history, and the HTTP Referrer header

Recommendation

Describe POST as reducing URL exposure, not as a complete guarantee that sensitive data will never be logged.