Back to skill

Security audit

支持海外公司内部校友列表查询,按公司 ID 与人员 ID 从全球公司数据库找校友与昔日同事。帮助招聘人员、销售团队与 B2B线索构建者发掘职业关系网、追溯职业履历、扩展联系清单——适合人才寻源、背调调研与人脉关系分析。

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed paid vendor API lookup tool, but users should understand it stores an API key locally and can create recharge/payment links when directed.

Install only if you are comfortable with a paid third-party API that stores UPKUAJING_API_KEY in a plaintext file under your home directory. Confirm charges before each lookup, review any payment URL before paying, and consider managing the API key through your own safer secret storage if possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (16)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares no permissions, yet its documented behavior requires environment-variable access, reading and writing files under the user's home directory, and making network requests to external APIs. This under-declaration weakens user consent and platform policy enforcement because the skill can access secrets and persist data without those capabilities being explicitly disclosed.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The published description says the skill retrieves company alumni and former employees for business development, but the documented behavior also includes API key enrollment, local secret storage, account inspection, recharge order creation, pricing queries, and version-check caching. This mismatch can mislead users into authorizing a skill that performs billing- and credential-related actions beyond the advertised purpose, increasing the risk of unintended charges and secret handling.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The manifest advertises company alumni/former-employee retrieval, but the documentation only supports alumni lookup by person ID and school ID. This semantic mismatch is dangerous because users may provide broader company-investigation intent and trust the skill to operate within that scope, while the actual inputs and data handling differ substantially from what was promised.

Intent-Code Divergence

Medium
Confidence
86% confidence
Finding
The top-level description frames the skill as company-oriented alumni discovery, but the body states it queries a person's alumni information. In a security context, this inconsistency reduces transparency and can conceal the true collection/use of identifiers, making it harder for users and reviewers to assess whether the requested data access is appropriate.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The file implements authentication, API key issuance, account lookup, pricing, and recharge/payment flows, which do not match the declared alumni/former-employee search purpose of the skill. This capability mismatch is dangerous because it expands the trust boundary and introduces account and billing operations that users would not reasonably expect from this skill, increasing the chance of abuse or deceptive monetization.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Generating recharge/payment URLs is unrelated to the advertised company alumni lookup function and introduces a financial operation into a non-financial skill. In context, that makes the skill more dangerous because users may invoke it expecting data retrieval, not payment initiation, creating room for unauthorized charges, phishing-style payment flows, or hidden monetization.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The code can request a new API key and persist it locally, which exceeds the stated alumni/personnel search scope and adds credential lifecycle management to the skill. In this context, that broadens the attack surface and can facilitate unauthorized API usage, hidden account creation, or long-lived secret placement on disk without users understanding the security implications.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The code performs an outbound network request to a remote version-check endpoint that is not required for the stated business purpose of alumni/former-employee retrieval. Even if intended as ordinary update telemetry, it expands the skill's trust boundary, can leak skill usage metadata to a server, and creates a hidden external dependency that may be abused for tracking or unexpected communication.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The request/response logging helpers can persist full API parameters and response bodies to local log files, which may contain personal data, business-sensitive search targets, or other confidential content. Even though logging is disabled by default, enabling it creates a quiet local data-retention channel without redaction, consent, retention control, or permission hardening.

Credential Access

High
Category
Privilege Escalation
Content
### **未设置API密钥**
请先检查 `~/.upkuajing/.env` 文件是否有 UPKUAJING_API_KEY;
如果未设置 UPKUAJING_API_KEY API密钥,请提示并让用户选择:
1. 用户有,由用户提供(手动添加到 ~/.upkuajing/.env 文件)
2. 用户没有,你可使用接口进行申请(`auth.py --new_key`),申请到新密钥后,会自动保存到 ~/.upkuajing/.env
等待用户选择;
Confidence
96% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
请先检查 `~/.upkuajing/.env` 文件是否有 UPKUAJING_API_KEY;
如果未设置 UPKUAJING_API_KEY API密钥,请提示并让用户选择:
1. 用户有,由用户提供(手动添加到 ~/.upkuajing/.env 文件)
2. 用户没有,你可使用接口进行申请(`auth.py --new_key`),申请到新密钥后,会自动保存到 ~/.upkuajing/.env
等待用户选择;

### **账户充值**
Confidence
95% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
env_file = UPKUAJING_ENV_FILE

    if env_file.exists():
        # 读取现有的 .env 文件
        try:
            with open(env_file, 'r', encoding='utf-8') as f:
                content = f.read()
Confidence
87% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"envFilePath": str(env_file)
        }

    # 保存到 .env 文件
    try:
        with open(env_file, 'w', encoding='utf-8') as f:
            f.write(f"{API_KEY_ENV}={api_key}\n")
Confidence
97% confidence
Finding
.env

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.23.0
Confidence
95% confidence
Finding
httpx>=0.23.0

Unsafe Defaults

Medium
Category
Tool Misuse
Content
pass  # 如果读取失败,继续执行

    # 不需要认证申请新密钥
    response = make_request('/agent/auth/create', {}, require_auth=False)

    # 检查是否申请成功
    if response.get('code') != 0:
Confidence
90% confidence
Finding
auth=False

Unsafe Defaults

Medium
Category
Tool Misuse
Content
pass  # 如果读取失败,继续执行

    # 不需要认证申请新密钥
    response = make_request('/agent/auth/create', {}, require_auth=False)

    # 检查是否申请成功
    if response.get('code') != 0:
Confidence
90% confidence
Finding
require_auth=False

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/common.py:196