v2.2.1

Sourcing in China

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 6:45 AM.

Analysis

This is a coherent product-sourcing helper, but it sends search terms and product URLs to a third-party MCP service.

GuidanceThis skill appears safe for non-sensitive product and supplier research. Before installing, be aware that searches go through an external MCP proxy, so do not include confidential product plans, private specifications, or proprietary sourcing strategy in queries.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityLowConfidenceHighStatusNote

SKILL.md

**Endpoint:** `https://mcp.chexb.com/sse` ... **What is sent:** Search keywords, page numbers, product URLs

The skill clearly discloses that user search terms and product URLs are transmitted to an external MCP server. This is purpose-aligned for the sourcing workflow, but it creates a third-party data boundary users should understand.

User impactConfidential product ideas, supplier strategy, or proprietary specifications could be revealed if included in search queries sent to the MCP proxy.

RecommendationUse generic search terms where possible, avoid including sensitive or proprietary sourcing details, and verify the external MCP endpoint before relying on it for confidential procurement work.