Back to skill

Security audit

支持海外企业员工信息查询 / 公司人员名单查询,按公司 ID从海外企业数据库获取员工名单、职位、职级与部门。帮助招聘人员、销售团队、B2B线索构建者、丰富联系人与职位数据——适合人才调研、竞品组织分析、关键人(决策人)定位与线索资格筛选,适用于找采购/技术决策人、招聘挖角与销售线索

Security checks across malware telemetry and agentic risk

Overview

This looks like a real paid employee-lookup API skill, but it needs Review because it also manages local API credentials, billing helpers, and an automatic version check with imperfect disclosure and containment.

Install only if you are comfortable with a paid third-party API skill that can read and create a local API key file, contact Upkuajing services, create recharge payment URLs, and cache version-check data under your home directory. Avoid displaying the .env contents in shared transcripts, review file permissions on ~/.upkuajing/.env, and confirm each billable lookup before it runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares no explicit permissions, yet its documented behavior includes reading environment variables, reading and writing files under the user's home directory, and making network calls to external services. This creates a transparency and consent gap: an agent or reviewer may underestimate the skill's access level and allow sensitive operations such as local credential handling or outbound requests without clear permission boundaries.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The stated purpose is employee lookup, but the skill also performs account management, API key provisioning, balance checks, pricing queries, recharge order creation, and version-check/caching behavior. This mismatch is dangerous because users may invoke a seemingly simple data lookup skill without realizing it can modify local credential state, initiate billable account workflows, and communicate with additional backend endpoints.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The module automatically makes a network request during normal operation and transmits the skill name without explicit user notice or consent. Although the transmitted data is limited, this creates undisclosed telemetry and can reveal installed capabilities or usage context to the remote service, which is unnecessary for the core employee-discovery function.

Credential Access

High
Category
Privilege Escalation
Content
### **未设置API密钥**
请先检查 `~/.upkuajing/.env` 文件是否有 UPKUAJING_API_KEY;
如果未设置 UPKUAJING_API_KEY API密钥,请提示并让用户选择:
1. 用户有,由用户提供(手动添加到 ~/.upkuajing/.env 文件)
2. 用户没有,你可使用接口进行申请(`auth.py --new_key`),申请到新密钥后,会自动保存到 ~/.upkuajing/.env
等待用户选择;
Confidence
96% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
请先检查 `~/.upkuajing/.env` 文件是否有 UPKUAJING_API_KEY;
如果未设置 UPKUAJING_API_KEY API密钥,请提示并让用户选择:
1. 用户有,由用户提供(手动添加到 ~/.upkuajing/.env 文件)
2. 用户没有,你可使用接口进行申请(`auth.py --new_key`),申请到新密钥后,会自动保存到 ~/.upkuajing/.env
等待用户选择;

### **账户充值**
Confidence
95% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"envFilePath": str(env_file)
        }

    # 保存到 .env 文件
    try:
        with open(env_file, 'w', encoding='utf-8') as f:
            f.write(f"{API_KEY_ENV}={api_key}\n")
Confidence
88% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
except IOError as e:
        return {
            "success": False,
            "message": f"API密钥申请成功,但保存到 .env 文件失败:{str(e)}。\n请手动设置环境变量 {API_KEY_ENV}。",
            "envFilePath": str(env_file)
        }
Confidence
76% confidence
Finding
.env

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.23.0
Confidence
92% confidence
Finding
httpx>=0.23.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/common.py:196