Back to skill

Security audit

UpKuaJing global company alumni query, find alumni and former colleagues by company ID and person ID from the global company database. UpKuaJing helps recruiters, sales teams, and B2B lead builders discover professional networks, trace career histories, and expand contact lists — perfect for talent sourcing, reference research, and network intelligence.

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed paid API client for querying alumni data, with some sensitive but purpose-aligned account and credential handling users should understand before use.

Install only if you are comfortable using UpKuaJing's paid API. Keep the API key in ~/.upkuajing/.env private, expect queries to contact openapi.upkuajing.com and incur fees after confirmation, and review any payment URL before paying.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (18)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill advertises no explicit permissions while its documented behavior includes reading environment variables, reading and writing files under the user's home directory, and making network calls. This creates a transparency and consent problem: users and hosting platforms cannot accurately assess what sensitive resources the skill will access before use.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The declared purpose is a narrow alumni lookup, but the documented behavior also includes credential enrollment, local credential storage, balance/account inspection, payment order creation, pricing retrieval, and version-check traffic. That mismatch increases the risk of unexpected sensitive actions, especially financial and credential-related operations, beyond what a user would reasonably infer from the skill description.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
This file implements credential issuance, account inspection, recharge, and pricing operations that are materially broader than the skill’s stated purpose of querying alumni data. In a skill ecosystem, unrelated account-management and billing capabilities increase attack surface and create opportunities for unauthorized credential provisioning or financial misuse if the skill is invoked unexpectedly or repurposed.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
The CLI exposes recharge-order creation and pricing-query actions even though the skill is described as an alumni list query tool. Billing-related functions can trigger financial workflows or reveal commercial account details, which is dangerous when bundled into an unrelated skill because users and reviewers may not expect those side effects.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The code can request a new API key and persist it locally, which is sensitive credential lifecycle functionality unrelated to alumni lookup. In the skill context, this is especially risky because a seemingly read-only data skill should not be able to mint and store new credentials, enabling unauthorized API access expansion if abused.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The module makes an outbound HTTP request to a server endpoint and persists version-check state under the user's home directory, behavior that is not necessary for the stated alumni-query function. Even if intended for update notifications, this introduces undisclosed network telemetry and local persistence, expanding the skill's attack surface and enabling metadata leakage or misuse if the API base URL is untrusted or compromised.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill performs self-update telemetry by sending the skill name to an external API during execution, which is unrelated to alumni lookup. This creates a covert communication path that can reveal installed-skill usage patterns and could be repurposed for tracking or command-and-control-like behavior if the endpoint is attacker-controlled.

Context-Inappropriate Capability

Low
Confidence
88% confidence
Finding
The code writes persistent cache data in ~/.upkuajing/version_cache.json for version tracking, which is unnecessary for the skill's declared alumni-query purpose. While the stored data is limited, unsolicited persistence can expose usage history, create privacy concerns, and provide a foothold for stateful behavior not expected from the tool.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The request helper sends caller-supplied parameters to a remote API and includes optional request/response logging that can persist those parameters and returned data to local log files. For an alumni/person lookup skill, this may include personal or sensitive business data, and there is no built-in redaction, consent prompt, or data-minimization control.

Credential Access

High
Category
Privilege Escalation
Content
### **API Key Not Set**
First check if the `~/.upkuajing/.env` file has UPKUAJING_API_KEY;
If UPKUAJING_API_KEY is not set, prompt the user to choose:
1. User has one: User provides it (manually add to ~/.upkuajing/.env file)
2. User doesn't have one: You can apply using the interface (`auth.py --new_key`), the new key will be automatically saved to ~/.upkuajing/.env
Wait for user selection;
Confidence
93% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
First check if the `~/.upkuajing/.env` file has UPKUAJING_API_KEY;
If UPKUAJING_API_KEY is not set, prompt the user to choose:
1. User has one: User provides it (manually add to ~/.upkuajing/.env file)
2. User doesn't have one: You can apply using the interface (`auth.py --new_key`), the new key will be automatically saved to ~/.upkuajing/.env
Wait for user selection;

### **Account Top-up**
Confidence
91% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"""
    申请新的 API 密钥。
    """
    # 检查是否已存在 .env 文件和 API key
    env_file = UPKUAJING_ENV_FILE

    if env_file.exists():
Confidence
93% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
env_file = UPKUAJING_ENV_FILE

    if env_file.exists():
        # 读取现有的 .env 文件
        try:
            with open(env_file, 'r', encoding='utf-8') as f:
                content = f.read()
Confidence
93% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"envFilePath": str(env_file)
        }

    # 保存到 .env 文件
    try:
        with open(env_file, 'w', encoding='utf-8') as f:
            f.write(f"{API_KEY_ENV}={api_key}\n")
Confidence
98% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
except IOError as e:
        return {
            "success": False,
            "message": f"API密钥申请成功,但保存到 .env 文件失败:{str(e)}。\n请手动设置环境变量 {API_KEY_ENV}。",
            "envFilePath": str(env_file)
        }
Confidence
84% confidence
Finding
.env

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.23.0
Confidence
96% confidence
Finding
httpx>=0.23.0

Unsafe Defaults

Medium
Category
Tool Misuse
Content
pass  # 如果读取失败,继续执行

    # 不需要认证申请新密钥
    response = make_request('/agent/auth/create', {}, require_auth=False)

    # 检查是否申请成功
    if response.get('code') != 0:
Confidence
91% confidence
Finding
auth=False

Unsafe Defaults

Medium
Category
Tool Misuse
Content
pass  # 如果读取失败,继续执行

    # 不需要认证申请新密钥
    response = make_request('/agent/auth/create', {}, require_auth=False)

    # 检查是否申请成功
    if response.get('code') != 0:
Confidence
91% confidence
Finding
require_auth=False

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/common.py:196

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:61