Scan Report
5 /100
tender-search
全网招中标数据扫描雷达·投标分析助手
A legitimate tender/bidding information search skill with comprehensive documentation, proper credential handling guidance, and no code or scripts.
Safe to install
This skill is safe to use. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | NONE | — | No filesystem access declared or implemented |
| Network | READ | READ | ✓ Aligned | MCP server and REST API calls to zhiliaobiaoxun.com (documented) |
| Shell | NONE | NONE | — | No shell commands in documentation |
| Environment | READ | READ | ✓ Aligned | Reads ZLBX_API_KEY from environment (documented, legitimate) |
9 findings
Medium External URL 外部 URL
https://mcp-server.zhiliaobiaoxun.com/mcp SKILL.md:7 Medium External URL 外部 URL
https://ai.zhiliaobiaoxun.com SKILL.md:11 Medium External URL 外部 URL
https://mcp-server.zhiliaobiaoxun.com/api_v2/ SKILL.md:27 Medium External URL 外部 URL
https://mcp-server.zhiliaobiaoxun.com/api_v2/search_bids SKILL.md:34 Medium External URL 外部 URL
https://mcp-server.zhiliaobiaoxun.com/api_v2/get_bid_detail SKILL.md:35 Medium External URL 外部 URL
https://mcp-server.zhiliaobiaoxun.com/api_v2/get_top_suppliers SKILL.md:36 Medium External URL 外部 URL
https://mcp-server.zhiliaobiaoxun.com/api_v2/$ SKILL.md:92 Medium External URL 外部 URL
https://www.zhiliaobiaoxun.com/content/xxxxxx/b1 SKILL.md:224 Medium External URL 外部 URL
https://ai.zhiliaobiaoxun.com/docs/api/ SKILL.md:318 File Tree
1 files · 9.9 KB · 319 lines Markdown 1f · 319L
└─
SKILL.md
Markdown
Security Positives
✓ Documentation-only skill with no executable code
✓ API key handling follows security best practices (MCP headers/env vars, not hardcoded)
✓ All network activity documented and restricted to legitimate business service (zhiliaobiaoxun.com)
✓ No sensitive path access (~/.ssh, ~/.aws, .env)
✓ No base64, eval, curl|bash, or other suspicious patterns
✓ No credential harvesting beyond the declared API key
✓ No hidden functionality detected