ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cj Dropshipping Api

v1.0.0

Use when user wants to integrate CJ Dropshipping, search products, create orders, track shipments, manage Shopify listings via CJ, or automate CJ logistics a...

0· 67·1 current·1 all-time
by@simoncai519

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for simoncai519/cj-dropshipping-api.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Cj Dropshipping Api" (simoncai519/cj-dropshipping-api) from ClawHub.
Skill page: https://clawhub.ai/simoncai519/cj-dropshipping-api
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install cj-dropshipping-api

ClawHub CLI

Package manager switcher

npx clawhub@latest install cj-dropshipping-api
Security Scan
Capability signals
CryptoCan make purchasesRequires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description and the SKILL.md both describe CJ Dropshipping API operations (product search, orders, webhooks, Shopify listing). That purpose is coherent with the included API reference and example calls.
!
Instruction Scope
The runtime instructions rely on running accio-mcp-cli to obtain CJ-Access-Token, and show using curl/jq and exporting CJ_TOKEN. The skill metadata declares no required binaries or env vars, yet the instructions assume the agent (or user) can run accio-mcp-cli, curl, and jq and will handle an OAuth browser flow. This mismatch could cause unexpected behavior if the agent tries to execute missing/untrusted tools.
Install Mechanism
No install spec and no code files — instruction-only. Low disk/write risk. However, because the skill delegates auth to an external CLI (accio-mcp-cli), installing/using that CLI is an operational dependency the registry metadata does not document.
Credentials
The skill requires a CJ access token (CJ-Access-Token) for all API calls and suggests exporting CJ_TOKEN, but the registry lists no required environment variables or primary credential. Requesting a token for CJ is proportional to the task, but the omission of this expected requirement in metadata is a coherence issue and makes it unclear how the agent should obtain/store credentials safely.
Persistence & Privilege
always is false and there are no config paths or claims to modify other skills or system settings. The skill does instruct storing webhook URLs and tokens but does not demand persistent system privileges.
What to consider before installing
This skill appears to be a straightforward CJ Dropshipping API cookbook, but it references external tools and an OAuth flow that are not declared in the skill metadata. Before installing or enabling it: 1) Verify what 'accio-mcp-cli' is, where it comes from, and that you trust its source — the skill assumes that CLI will open a browser and print access tokens. 2) Confirm your environment has (or will install) curl and jq if you expect the agent to run the example commands. 3) Treat the CJ access token (CJ-Access-Token / CJ_TOKEN) like a secret: only store it in trusted secret storage, and don't paste it into untrusted consoles or share it. 4) If you plan to accept webhooks, host callback endpoints securely and validate incoming requests. 5) Because the skill metadata omits these operational requirements and the source is 'unknown' in the registry, proceed cautiously — ask the skill author for a clear list of required binaries and exact guidance for obtaining accio-mcp-cli (or be prepared to perform the OAuth step yourself).

Like a lobster shell, security has layers — review code before you run it.

latestvk97bcsq8q0q3k83eyt1aeprsnd84swtx
67downloads
0stars
1versions
Updated 2w ago
v1.0.0
MIT-0
@simoncai519
latest
Download

CJ Dropshipping API Skill

Overview

This skill provides concise guidance for interacting with the CJ Dropshipping API (v2.0). It covers authentication, product management, order processing, logistics, delivery profiles, shop management, and webhook configuration. Use the skill when a user asks to:

  • Obtain an OAuth token via accio-mcp-cli
  • Search or list CJ products
  • Retrieve product details, variants, or stock
  • Add products to "My Products"
  • List or batch‑list products to a Shopify store
  • Create or query delivery profiles
  • Create orders, pay for them, or track shipments
  • Configure or manage CJ webhooks
  • Query shop information (shops, locations, countries)

All REST calls require the CJ-Access-Token header obtained from accio-mcp-cli call get_cj_access_token.

Core Workflow Summary

  1. Authenticate – Run the two accio-mcp-cli commands to obtain the access token.
  2. Make REST Calls – Use curl (or any HTTP client) with the token in the header.
  3. Handle Pagination – Most list endpoints accept page and size query parameters.
  4. Error Handling – Check the code field; retry on 500 or respect rate‑limit headers.
  5. Webhooks – Set up callbacks once; store URLs securely.

Usage Examples

# 1️⃣ Obtain OAuth token (once)
accio-mcp-cli call start_cj_auth          # opens browser for user consent
accio-mcp-cli call get_cj_access_token    # prints JSON with accessToken

# Store the token in an env var for convenience
export CJ_TOKEN=$(accio-mcp-cli call get_cj_access_token --raw | jq -r .accessToken)

# 2️⃣ Get product list (search)
curl -s "https://developers.cjdropshipping.com/api2.0/v1/product/listV2?keyWord=phone&page=1&size=20" \
  -H "CJ-Access-Token: $CJ_TOKEN" | jq .

# 3️⃣ Get product detail by SKU
curl -s "https://developers.cjdropshipping.com/api2.0/v1/product/query?productSku=ABC123" \
  -H "CJ-Access-Token: $CJ_TOKEN" | jq .

# 4️⃣ Add a product to My Products
curl -X POST "https://developers.cjdropshipping.com/api2.0/v1/product/addToMyProduct" \
  -H "Content-Type: application/json" \
  -H "CJ-Access-Token: $CJ_TOKEN" \
  -d '{"productId":"1234567890"}' | jq .

# 5️⃣ Create a Shopify delivery profile (required for listing)
curl -X POST "https://developers.cjdropshipping.com/api2.0/v1/product/listed/createDeliveryProfile" \
  -H "Content-Type: application/json" \
  -H "CJ-Access-Token: $CJ_TOKEN" \
  -d '{
        "shopId":"YOUR_SHOP_ID",
        "name":"CJ Dropshipping",
        "locationIds":["CJ_LOCATION_ID"],
        "zones":{"countries":[{"countryCode":"US","provinces":[{"provinceCode":"CA"}]}]}
      }' | jq .

# 6️⃣ Batch list products to Shopify (use deliveryProfileId from previous step)
curl -X POST "https://developers.cjdropshipping.com/api2.0/v1/product/listed/listedByPids" \
  -H "Content-Type: application/json" \
  -H "CJ-Access-Token: $CJ_TOKEN" \
  -d '{
        "shopIds":["YOUR_SHOP_ID"],
        "productIds":["123456","789012"],
        "formula":{ "formulaType":3, "shippingFrom":"CN", "shippingTo":"US", "isLogistics":1 },
        "templateShopCategoryVOList":[{"shopId":"YOUR_SHOP_ID","deliveryProfileId":"YOUR_PROFILE_ID"}]
      }' | jq .

# 7️⃣ Create an order (V2)
curl -X POST "https://developers.cjdropshipping.com/api2.0/v1/shopping/order/createOrderV2" \
  -H "Content-Type: application/json" \
  -H "CJ-Access-Token: $CJ_TOKEN" \
  -d '{
        "orderNumber":"ORDER123",
        "shippingCountryCode":"US",
        "shippingAddress":"123 Main St",
        "shippingCustomerName":"John Doe",
        "shippingPhone":"1234567890",
        "logisticName":"CJPacket Sensitive",
        "payType":"1",
        "products":[{"vid":"VID123","quantity":1}]
      }' | jq .

# 8️⃣ Track a shipment
curl -s "https://developers.cjdropshipping.com/api2.0/v1/logistic/trackInfo?trackNumber=TRACK123" \
  -H "CJ-Access-Token: $CJ_TOKEN" | jq .

# 9️⃣ Set up a webhook for order updates
curl -X POST "https://developers.cjdropshipping.com/api2.0/v1/webhook/set" \
  -H "Content-Type: application/json" \
  -H "CJ-Access-Token: $CJ_TOKEN" \
  -d '{
        "order":{"type":"ENABLE","callbackUrls":["https://yourdomain.com/cj/webhook/order"]}
      }' | jq .

Created by Simon Cai · More e-commerce skills: github.com/simoncai519/open-accio-skill

Comments

Loading comments...