甩手店长一键采集,刊登
WarnAudited by ClawScan on May 10, 2026.
Overview
This skill is a coherent ecommerce automation client, but it has high-impact authority to store access credentials, call arbitrary MCP tools, and publish products to shops without clearly bounded safeguards.
Review this skill carefully before installing. It is not shown to be malicious, but it can control live ecommerce workflows: logging in, collecting products, claiming drafts, and publishing to shops. Use a limited app key if possible, confirm shop IDs and product details before publishing, and remove the saved authorization file if you no longer want the skill to retain access.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could call tools beyond the specific action the user intended, especially if the remote server adds new tools or if a broad request is interpreted too aggressively.
The skill is not limited to a fixed, reviewed workflow; it intentionally exposes arbitrary current and future remote MCP tools, including account-changing tools such as login, collect, claim, and publish.
This wrapper is expected to expose **all current tools** ... If new tools are added server-side later, use `tools` to discover them and call them via `call`.
Use an explicit allowlist for safe tools, require user confirmation for mutating actions, and document the scope and expected effects of every callable MCP tool.
A wrong URL, shop ID, or product draft could be published immediately to a live storefront, potentially causing business, policy, or reputation issues.
A single command can move a product URL through collection, draft claiming, and immediate public publishing, while default settings ignore sensitive-word rules.
`collect_and_publish` ... 此命令执行:采集 → 认领 → 查询草稿 → 发布 ... `bindWordRule=IGNORE` - 忽略敏感词直接发布 ... `scheduledPublish=false` - 立即发布
Default to draft-only behavior, require explicit confirmation before publishing, show the target shop and item details before mutation, and avoid ignoring sensitive-word checks unless the user explicitly requests it.
The service credential can remain on disk and be reused by later runs or accessed by other local processes/users if file permissions are weak.
The script prompts for an app key or authorization header and saves it persistently in the user's home directory.
return path.join(os.homedir(), ".htyd-mcp-client-streamable.json"); ... rl.question("MCP AppKey/Authorization not set. Please input MCP_APP_KEY ...") ... safeWriteJson(configPath, { ...cfg, authorization });Clearly declare the credential requirement, document where it is stored, use restrictive file permissions or a system secret store, and provide a logout/remove-credential command.
Product URLs, shop identifiers, publish actions, and credentials are handled through the remote MCP service.
The skill communicates with a remote MCP endpoint and sends authorization and business workflow requests there. This is expected for the integration, but users should understand the data path.
Default endpoint: `MCP_URL=https://dz.shuaishou.com/mcp` ... `MCP_APP_KEY=<your_app_key>` (sent as `Authorization: Bearer ...`)
Verify that the endpoint and publisher are trusted, use the least-privileged app key available, and avoid sending unrelated sensitive data through this MCP connection.
Users have less external information for verifying who maintains the skill or auditing changes before trusting it with store operations.
The artifacts do not provide a public source repository or homepage for provenance, which matters more because the skill can operate on production ecommerce accounts.
Source: unknown; Homepage: none
Install only if you trust the publisher and the MCP endpoint; prefer a version with a documented source repository, changelog, and credential/security guidance.