huifu-order-query

Advisory. Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may suggest or perform changes to the Java project build configuration and run a local Maven build.

Why it was flagged

The skill instructs project-file modification and a Maven build command. This is expected for a Java SDK integration, but it can alter the project and run build lifecycle steps.

Skill content
If the project does not yet contain this dependency, first add the dependency above to pom.xml, then run the Maven install:

```bash
mvn clean install
```

Recommendation

Review the proposed pom.xml change and run Maven commands only in the intended project, preferably after confirming the dependency and version.

What this means

Generated code may access or expose merchant payment-order information if wired into a real backend.

Why it was flagged

The intended API handles merchant order/payment details, which are sensitive business data, although the artifact does not show credential collection or unrelated account access.

Skill content
Query an order's payment status and details, including transaction status, amount, time, etc. Request parameters: huifuId | String | Yes | Merchant ID

Recommendation

Use only authorized merchant configuration, limit access to this endpoint, and avoid logging sensitive payment/order details unnecessarily.

What this means

The project may pull a Huifu SDK version determined elsewhere in the build configuration.

Why it was flagged

The skill requires a third-party SDK dependency but leaves the concrete version to a Maven property, so the user should verify the resolved version and source.

Skill content

```xml
<groupId>com.huifu.bspay.sdk</groupId>
<artifactId>dg-java-sdk</artifactId>
<version>${dg-java-sdk.version}</version>
```

Recommendation

Pin and review the SDK version in the project’s dependency management and use trusted Maven repositories.