卖家之家(跨境电商)服务商搜索
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill mainly documents public service-provider search APIs, but it unnecessarily requires an MJZJ API key and also points the agent toward authenticated private-message sending.
Use this skill for public service-provider search only if you are comfortable with the MJZJ credential requirement. Avoid configuring MJZJ_API_KEY unless you also intend to use authenticated MJZJ actions, and confirm manually before any private message is sent.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may grant account-level API access that is not needed for the advertised public search function.
The skill requires an API key while also stating that all of its own interfaces are public and can be used without a token, making the credential requirement overbroad for the stated search purpose.
requires:\n env: ["MJZJ_API_KEY"] ... 本 Skill 全部为公开接口,可不带 token。
Make MJZJ_API_KEY optional for this skill, document exactly when it is needed, and require explicit user confirmation before any authenticated account action.
If the agent follows the contact workflow, it may send private messages through the user's MJZJ account rather than only performing searches.
The skill says only two public query APIs are open, but it also describes using another authenticated message-sending API as a follow-on workflow.
仅开放以下 2 个接口:... /api/spQuery/getClassifies ... /api/spQuery/queryProviders ... 若用户想联系服务商,可取返回结果中的 userSlug 调用 /api/message/sendMessage 直接发私信
Treat message sending as a separate, explicitly approved action and do not let the search skill send or trigger messages without clear user instruction.