卖家之家跨境电商物流海外仓搜索
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: mjzj-wuliu Version: 1.0.1 The skill bundle is a legitimate integration for searching logistics providers and overseas warehouses via the mjzj.com (卖家之家) API. It defines clear tool-selection rules, data handling procedures for Snowflake IDs, and standard API interactions without any evidence of data exfiltration, malicious execution, or harmful prompt injection. All behaviors are well-documented and aligned with the stated purpose of the skill.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Providing the API key may allow authenticated MJZJ account actions if the agent uses the related messaging workflow.
The skill requests an MJZJ API key while stating the two search interfaces are public; the artifact explains the key is for optional authenticated private messaging, so this is disclosed but broader than search-only use.
requires: env: ["MJZJ_API_KEY"] ... 本 Skill 全部为公开接口,可不带 token ... 发送私信需要鉴权(Authorization: Bearer $MJZJ_API_KEY)
Only provide the MJZJ API key if you intend to use authenticated MJZJ actions, and require explicit approval before any private message is sent.
If used without clear confirmation, the agent could send a private message to a provider from the user's MJZJ account.
The skill includes a workflow to invoke a messaging endpoint after a user selects a provider. This is related to the logistics-search use case, but sending messages is a state-changing account action.
若用户想联系服务商,可取返回结果中的 `userSlug` 调用 `/api/message/sendMessage` 直接发私信
Treat messaging as a separate user-approved step: confirm the recipient, message content, and intent before sending.