卖家之家(跨境电商)资讯搜索与发布
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: mjzj-article Version: 1.0.2 The skill is a legitimate integration for searching and publishing articles on the MJZJ (卖家之家) e-commerce platform. It defines standard API interactions for article management, including image uploads to a Cloud Object Storage (COS) and content publishing via HTML. All operations are directed to the official domain (data.mjzj.com), and the use of the MJZJ_API_KEY environment variable is consistent with the stated purpose of the tool.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent misunderstands the user or skips review, it could publish an article or upload images under the user's MJZJ account.
The workflow instructs the agent to download/upload article images and then call the article creation endpoint. This is expected for a publishing skill, but it is an account-changing/publication action.
对每一张图片分别下载文件...使用该 `putUrl` 将图片文件上传到 COS... 5. 调用 `/api/articleManage/create` 发布文章
Before the final `/api/articleManage/create` call, require the agent to show the title, content, author, tags, publish time, and image list, and get explicit user confirmation.
Anyone or any agent using this configured key could act within the key's MJZJ permissions for the listed operations.
The skill uses the user's MJZJ API key for authenticated endpoints that can query private account data, upload files, and publish articles.
其余 6 个接口:需要 - `Authorization: Bearer $MJZJ_API_KEY`
Use a dedicated, least-privilege MJZJ API key if available, store it only in the skill configuration, and rotate or revoke it when no longer needed.