Back to skill

Security audit

UpKuaJing global company person education query, access education history with schools, degrees, majors, and GPAs by person ID from the global company database. UpKuaJing helps recruiters, HR teams, and hiring managers verify academic backgrounds, assess candidate qualifications, and make informed hiring decisions — perfect for candidate screening, background verification, and talent evaluation.

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a legitimate UpKuaJing API helper, but it needs review because it stores API keys in plaintext, includes account and payment-order flows, and performs an automatic version-check network call with local persistence.

Install only if you are comfortable giving the skill an UpKuaJing API key, using a paid API, and allowing it to write under ~/.upkuajing. Avoid displaying or sharing the .env file contents, review account or top-up actions before approving them, and consider disabling or removing the automatic version check and logging in sensitive environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (11)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares no permissions, yet its documented behavior includes reading environment variables, accessing local files under ~/.upkuajing, writing credentials to disk, and making network/API requests. This is a real transparency and least-privilege issue because users and host systems are not given an accurate capability declaration, which can undermine trust and bypass policy-based controls.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill is presented as an education-history query tool, but the documentation also instructs the agent to perform account lifecycle and billing operations such as creating API keys, retrieving account info, creating payment orders, and checking versions. This broader behavior increases risk because a user invoking a data lookup skill may unintentionally trigger credential provisioning or financial operations outside the declared purpose.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
This module adds outbound network access and local state writes for version checking, which is unrelated to the skill’s declared purpose of querying education history. Even if the transmitted data is limited to the skill name, the hidden side effect creates an unexpected communication channel and persistence mechanism that can violate least-privilege expectations and enable tracking or policy bypass in restricted environments.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The code creates and writes under the user’s home directory (~/.upkuajing) to maintain version-check state, despite the skill being a read/query tool. This persistent local state is not necessary for the advertised functionality and introduces undeclared side effects, which can be abused for user tracking, policy violations, or unexpected filesystem modification in tightly controlled environments.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The logging helpers write full request parameters and API responses to local log files, which can include sensitive personal education records and query inputs. Even though logging is disabled by default, enabling it creates a clear privacy and data-retention risk without redaction, consent, or access controls.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The version check sends the skill name to a remote endpoint without any disclosure or user opt-in in this file. In the context of an education-query skill, this undocumented telemetry is unexpected and creates a privacy and control risk, especially in enterprise or sandboxed deployments where outbound calls must be explicit and justified.

Credential Access

High
Category
Privilege Escalation
Content
### **API Key Not Set**
First check if the `~/.upkuajing/.env` file has UPKUAJING_API_KEY;
If UPKUAJING_API_KEY is not set, prompt the user to choose:
1. User has one: User provides it (manually add to ~/.upkuajing/.env file)
2. User doesn't have one: You can apply using the interface (`auth.py --new_key`), the new key will be automatically saved to ~/.upkuajing/.env
Wait for user selection;
Confidence
88% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
First check if the `~/.upkuajing/.env` file has UPKUAJING_API_KEY;
If UPKUAJING_API_KEY is not set, prompt the user to choose:
1. User has one: User provides it (manually add to ~/.upkuajing/.env file)
2. User doesn't have one: You can apply using the interface (`auth.py --new_key`), the new key will be automatically saved to ~/.upkuajing/.env
Wait for user selection;

### **Account Top-up**
Confidence
86% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"envFilePath": str(env_file)
        }

    # 保存到 .env 文件
    try:
        with open(env_file, 'w', encoding='utf-8') as f:
            f.write(f"{API_KEY_ENV}={api_key}\n")
Confidence
84% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
except IOError as e:
        return {
            "success": False,
            "message": f"API密钥申请成功,但保存到 .env 文件失败:{str(e)}。\n请手动设置环境变量 {API_KEY_ENV}。",
            "envFilePath": str(env_file)
        }
Confidence
83% confidence
Finding
.env

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.23.0
Confidence
93% confidence
Finding
httpx>=0.23.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/common.py:196

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:58