← Back to Skills Marketplace
340
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install mjzj-sp
Description
卖家之家(跨境电商)服务商搜索
Usage Guidance
Before installing, consider that the skill declares MJZJ_API_KEY as required even though its search endpoints are documented as public. If you supply MJZJ_API_KEY, the agent (or this skill) could use it to call authenticated endpoints such as sending private messages on your behalf. Only provide the key if you trust the skill's publisher and understand what that key allows (who can be messaged, rate limits, audit/logging). If you only need public search, ask the publisher to remove the API key requirement or mark the key optional so you don't expose credentials unnecessarily. Verify the domain/owner and prefer least-privilege (a dedicated token scoped to messaging if needed).
Capability Analysis
Type: OpenClaw Skill
Name: mjzj-sp
Version: 1.0.2
The skill bundle provides legitimate functionality for searching service providers and sending messages on the mjzj.com platform. It defines clear API interactions with the domain data.mjzj.com and includes standard instructions for handling Snowflake IDs and intent routing. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found.
Capability Assessment
Purpose & Capability
The skill claims to provide public service-provider search endpoints (no token needed) but the registry metadata marks MJZJ_API_KEY as a required primary credential. If the skill's purpose is only searching, an API key should not be required. The declared credential is only clearly needed for sending private messages (a separate mjzj-msg flow), so requiring it for the whole skill is disproportionate or at least misleading.
Instruction Scope
SKILL.md instructs the agent to call two public endpoints (/api/spQuery/getClassifies and /api/spQuery/queryProviders) and to use returned userSlug to call /api/message/sendMessage when contacting providers. It explicitly states queries are public and don't need tokens, yet also documents the Authorization header for messaging. That contradiction means runtime behavior could include authenticated messaging if the agent follows the linking guidance — potentially using the provided MJZJ_API_KEY to act on the user's behalf.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk by the skill itself and the static scanner had no code to analyze.
Credentials
Only MJZJ_API_KEY is requested (so surface area is small) but it is declared required even though the documented public query endpoints do not need it. Requesting a key that enables authenticated actions (sending messages) when the primary described capability is unauthenticated search is disproportionate and could enable message-sending without the user realizing.
Persistence & Privilege
The skill does not request always:true, has no install hooks, and does not request system config paths or other skills' credentials. It does reference another skill (mjzj-msg) but does not appear to modify other skills or system settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install mjzj-sp - After installation, invoke the skill by name or use
/mjzj-sp - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
- 新增“服务商 → 私信”流程说明:明确可用返回的 userSlug 字段快速发起私信,并指明调用流程及鉴权要求。
- 意图路由提示词补充:在服务商查询后,可直接用 userSlug 发私信(需 mjzj-msg Skill)。
v1.0.1
**Reduced scope for public service provider search only**
- Skill now only supports service provider category listing and provider search; all product, label, and product publishing APIs removed.
- Only the following endpoints are available: `/api/spQuery/getClassifies` and `/api/spQuery/queryProviders`.
- No authentication (token) is required; all APIs are public.
- All ID fields must be handled as strings, including for query and response data.
- Updated documentation and prompt guidance to match simplified, search-only functionality.
v1.0.0
mjzj-sp 1.0.0 – Initial Release
- Provides seller service/provider/product/category queries and new product publishing for 卖家之家 (mjzj.com).
- Supports 7 public and authenticated API endpoints, including service/product/label queries and product/temporary file submission.
- Implements detailed interface usage, parameter formats, and error handling as outlined in the documentation.
- Enforces strict token and authority checks for sensitive operations (file upload, product application).
- Includes clear mapping of user intents/keywords to API calls for seamless integration.
- Provides workflow and error prompt templates for easy troubleshooting and compliance.
Metadata
Frequently Asked Questions
What is 卖家之家(跨境电商)服务商搜索?
卖家之家(跨境电商)服务商搜索. It is an AI Agent Skill for Claude Code / OpenClaw, with 340 downloads so far.
How do I install 卖家之家(跨境电商)服务商搜索?
Run "/install mjzj-sp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is 卖家之家(跨境电商)服务商搜索 free?
Yes, 卖家之家(跨境电商)服务商搜索 is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does 卖家之家(跨境电商)服务商搜索 support?
卖家之家(跨境电商)服务商搜索 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created 卖家之家(跨境电商)服务商搜索?
It is built and maintained by mjzj-tec (@mjzj-tec); the current version is v1.0.2.
More Skills