卖家之家 Cross-Border E-commerce Logistics and Overseas Warehouse Search

Pass

Audited by ClawScan on May 10, 2026.

Overview

This instruction-only skill is a scoped MJZJ logistics-provider search helper, with a disclosed API key/messaging handoff that users should keep explicitly user-approved.

The search behavior appears scoped and benign. Before installing, understand that public provider searches do not appear to need the API key, while contacting providers through MJZJ private messages does; only enable that credential and messaging workflow if you want the agent to perform those account actions with your confirmation.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Providing the API key may allow authenticated MJZJ account actions if the agent uses the related messaging workflow.

Why it was flagged

The skill requests an MJZJ API key while stating the two search interfaces are public; the artifact explains the key is for optional authenticated private messaging, so this is disclosed but broader than search-only use.

Skill content
requires: env: ["MJZJ_API_KEY"] ... All interfaces in this Skill are public and can be called without a token ... Sending private messages requires authentication (Authorization: Bearer $MJZJ_API_KEY)
Recommendation

Only provide the MJZJ API key if you intend to use authenticated MJZJ actions, and require explicit approval before any private message is sent.

What this means

If used without clear confirmation, the agent could send a private message to a provider from the user's MJZJ account.

Why it was flagged

The skill includes a workflow to invoke a messaging endpoint after a user selects a provider. This is related to the logistics-search use case, but sending messages is a state-changing account action.

Skill content
If the user wants to contact a provider, take the `userSlug` from the returned results and call `/api/message/sendMessage` to send a private message directly
Recommendation

Treat messaging as a separate user-approved step: confirm the recipient, message content, and intent before sending.