AI agents call open_store to retrieve information from Yjzf without modifying anything — typically the context-gathering step in research, monitoring, and reporting workflows, before the agent takes action elsewhere.
| Parameter | Type | Required | Description |
|---|---|---|---|
action | string | Yes | 要执行的动作:get_options=获取全部筛选选项,export=执行导出 |
branchId | string | Yes | 城市公司ID(即organId),必须通过 branch_select 工具获取,禁止自行编造 |
cityCode | string | Yes | 城市编码,必须通过 branch_select 工具获取,禁止自行编造 |
isEnabled | string | — | 门店状态筛选(选填,单选)。可选值:'1'=启用,'0'=禁用。不传默认'1'(启用) |
branchName | string | Yes | 城市公司名称(用于文件命名),必须通过 branch_select 工具获取,禁止自行编造 |
sharedStore | number | — | 经营方式筛选(选填,单选)。可选值:0=独立经营,1=合并经营。不传则导出全部经营方式的门店 |
vasTypeList | array | — | 增值业务筛选(选填,多选)。必须传 get_options 返回的 vasTypes 中的 val 字段值,禁止传中文名称。不传则导出全部增值业务类型的门店 |
virtualStore | number | — | 作业主体筛选(选填,单选)。可选值:0=营销门店,1=职能门店。不传则导出全部作业主体的门店 |
unitedSalesStatusList | array | — | 联卖门店筛选(选填,多选)。必须传 get_options 返回的 unitedSalesStatuses 中的 val 字段值,禁止传中文名称。不传则导出全部联卖状态的门店 |
Parameters from the server's own tool schema.
The tool reads and exports store data from an ERP system into an Excel file. Both actions (get_options and export) are data retrieval operations with no indication of writing, modifying, or deleting data. Exporting/downloading data is a Read operation. Severity is low as it only retrieves business store information.
From the tool's definition 从ERP系统导出营业门店Excel文件 (exports store data from ERP system as Excel file); supports 'get_options' to retrieve filter options and 'export' to execute export
Attacks that exploit this kind of access
从ERP系统导出营业门店Excel文件。必须先调用 branch_select 获取 branchId 和 cityCode。支持2个action: get_options获取全部筛选选项(联卖门店、增值业务), export执行导出。. It is categorised as a Read tool in the Yjzf MCP Server, which means it retrieves data without modifying state.
open_store accepts 9 parameters: action, branchId, cityCode, isEnabled, branchName, sharedStore, vasTypeList, virtualStore, unitedSalesStatusList. Required: action, branchId, cityCode, branchName. The full parameter table on this page comes from the server's own tool schema.
Register the Yjzf MCP server in PolicyLayer and add a rule for open_store: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Yjzf. Nothing to install.
open_store is a Read tool with low risk. Read-only tools are generally safe to allow by default.
Yes. Add a rate_limit block to the open_store rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for open_store. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
open_store is provided by the Yjzf MCP server (@yjzf/mcp-server-yjzf). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Every MCP server has a record like this.
Type a name, get the same breakdown: verified identity, auth posture, risk grade, capabilities, recommended policy.
Teams ship this data inside their own products. See what a licence covers →