卖家之家 (cross-border e-commerce) news search and publishing

Advisory

Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent misunderstands the user or skips review, it could publish an article or upload images under the user's MJZJ account.

Why it was flagged

The workflow instructs the agent to download/upload article images and then call the article creation endpoint. This is expected for a publishing skill, but it is an account-changing/publication action.

Skill content

Download the file for each image separately... use this `putUrl` to upload the image file to COS... 5. Call `/api/articleManage/create` to publish the article

Recommendation

Before the final `/api/articleManage/create` call, require the agent to show the title, content, author, tags, publish time, and image list, and get explicit user confirmation.

What this means

Anyone or any agent using this configured key could act within the key's MJZJ permissions for the listed operations.

Why it was flagged

The skill uses the user's MJZJ API key for authenticated endpoints that can query private account data, upload files, and publish articles.

Skill content

The remaining 6 endpoints require:
  - `Authorization: Bearer $MJZJ_API_KEY`

Recommendation

Use a dedicated, least-privilege MJZJ API key if available, store it only in the skill configuration, and rotate or revoke it when no longer needed.