卖家之家 Cross-Border E-Commerce Logistics and Overseas Warehouse Search

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Providing the API key may allow authenticated MJZJ account actions if the agent uses the related messaging workflow.

Why it was flagged

The skill requests an MJZJ API key while stating the two search interfaces are public; the artifact explains the key is for optional authenticated private messaging, so this is disclosed but broader than search-only use.

Skill content

requires: env: ["MJZJ_API_KEY"] ... All interfaces in this Skill are public and can be called without a token ... Sending a private message requires authentication (Authorization: Bearer $MJZJ_API_KEY)

Recommendation

Only provide the MJZJ API key if you intend to use authenticated MJZJ actions, and require explicit approval before any private message is sent.

What this means

If used without clear confirmation, the agent could send a private message to a provider from the user's MJZJ account.

Why it was flagged

The skill includes a workflow to invoke a messaging endpoint after a user selects a provider. This is related to the logistics-search use case, but sending messages is a state-changing account action.

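Skill content

If the user wants to contact a service provider, take the `userSlug` from the returned results and call `/api/message/sendMessage` to send a private message directly

Recommendation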

Treat messaging as a separate user-approved step: confirm the recipient, message content, and intent before sending.