Back to skill

Security audit

邮箱有效性检查,验证邮箱地址格式,有效和无效状态。帮助销售团队、招聘人员、市场营销人员验证邮箱有效性、降低邮件退信率、提升外联与冷启动效率——是 CRM数据清洗、候选人筛查、供应商核验、邮件列表清洗的必备工具,适用于外贸邮件群发前清洗、招聘背调与采购商核实。

Security checks across malware telemetry and agentic risk

Overview

This is a paid external email-validation API skill with disclosed credential, billing, and account-support workflows, but users should understand it sends email addresses to Upkuajing and stores credentials locally.

Install only if you are comfortable sending the email addresses you validate to Upkuajing's external API and paying for API usage. Keep ~/.upkuajing/.env private, review any recharge/payment URL before opening it, and avoid enabling API logging unless you intend to store request and response payloads locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (17)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill declares a narrow purpose but documentation indicates capabilities to read environment files, write credentials to disk, and make network/payment-related calls without an explicit permission model. That expands the trust boundary and can surprise users or orchestrators that rely on the declared metadata to decide whether a skill is safe to invoke.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior goes well beyond email validation into credential provisioning, local secret storage, account inspection, payment order creation, pricing lookup, and version-check caching. This mismatch makes the skill more dangerous because a user invoking an email checker may unknowingly trigger account, billing, or secret-management actions outside the stated purpose.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
Instructing the agent to obtain a new API key and automatically save it to a local .env file introduces credential-handling and persistence behavior unrelated to validating email addresses. That can lead to unauthorized secret creation/storage, accidental overwriting of existing credentials, or normalization of agents managing secrets on behalf of users without strong controls.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
Creating recharge/payment orders and returning payment URLs is outside the core email-validation function and introduces billing abuse and social-engineering risk. A user or agent could be nudged into financial actions from within a seemingly unrelated utility, especially because the skill already has networked account interactions.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
The file implements account/authentication management, API key issuance, recharge ordering, and pricing queries, which is materially different from the advertised email-validation skill. This mismatch increases supply-chain risk because a user enabling an email hygiene tool would not reasonably expect credential provisioning and payment-related actions, making hidden or surprising side effects more dangerous.

Description-Behavior Mismatch

Medium
Confidence
84% confidence
Finding
The optional logging functions write full request parameters and API responses to disk under the user's home directory. In an email-validation skill, those payloads may contain email addresses and validation results, creating an undisclosed local data trail that could expose sensitive business or personal data to other local users, backups, or forensic collection.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
This module performs outbound network access and writes persistent state under the user's home directory even though the skill is described as an email-validity tool. That creates undeclared data flow and side effects unrelated to the stated function, which can violate least-privilege expectations and provide a channel for telemetry or future abuse if the API base URL is untrusted or user-controlled.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The code includes a self-version-check capability that sends the skill name to a remote service and is not necessary for validating email addresses. In this skill context, the mismatch is suspicious because users would not reasonably expect an email hygiene tool to phone home, and such mechanisms are often precursors to telemetry or remote control paths.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script writes newly issued API credentials directly into a local .env file without an explicit pre-write confirmation or any permission hardening shown in this file. Storing secrets this way can expose them to other local users, accidental inclusion in backups, or later leakage through tooling that reads environment files.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The code contacts a remote service to create a new API key without a clear user-facing warning at the time of execution that credential material will be requested and issued by an external endpoint. In the context of a skill presented as email validation, this hidden remote credential workflow is unexpected and can trick users into provisioning secrets they did not intend to create.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This code can persist request/response content to local files without any runtime notice, consent, or confirmation from the user. Because the skill processes email-validation data, silent logging increases the chance of unexpected storage of personal data and operationally sensitive mailing-list information.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script sends user-supplied email addresses to a remote API endpoint without any explicit notice, confirmation, or documented consent at the point of use. Email addresses are personal/contact data, and silent transmission to an external service can create privacy, compliance, and data-handling risks, especially in bulk-cleaning workflows involving third-party recipient lists.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The version check sends skill metadata (`name`) to an external endpoint without any visible user-facing notice or consent in this module. While the payload is limited, it still discloses tool usage and establishes unexpected outbound communication, which is a privacy and transparency issue.

Credential Access

High
Category
Privilege Escalation
Content
### **未设置API密钥**
请先检查 `~/.upkuajing/.env` 文件是否有 UPKUAJING_API_KEY;
如果未设置 UPKUAJING_API_KEY API密钥,请提示并让用户选择:
1. 用户有,由用户提供(手动添加到 ~/.upkuajing/.env 文件)
2. 用户没有,你可使用接口进行申请(`auth.py --new_key`),申请到新密钥后,会自动保存到 ~/.upkuajing/.env
等待用户选择;
Confidence
94% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
请先检查 `~/.upkuajing/.env` 文件是否有 UPKUAJING_API_KEY;
如果未设置 UPKUAJING_API_KEY API密钥,请提示并让用户选择:
1. 用户有,由用户提供(手动添加到 ~/.upkuajing/.env 文件)
2. 用户没有,你可使用接口进行申请(`auth.py --new_key`),申请到新密钥后,会自动保存到 ~/.upkuajing/.env
等待用户选择;

### **账户充值**
Confidence
95% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"envFilePath": str(env_file)
        }

    # 保存到 .env 文件
    try:
        with open(env_file, 'w', encoding='utf-8') as f:
            f.write(f"{API_KEY_ENV}={api_key}\n")
Confidence
84% confidence
Finding
.env

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.23.0
Confidence
88% confidence
Finding
httpx>=0.23.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/common.py:196