Back to skill

Security audit

UpKuaJing global company work experience query, access employment history with company names, job titles, and dates by person ID from the global company database. UpKuaJing helps recruiters, sales teams, and hiring managers verify career histories, assess professional experience, and qualify candidates — perfect for candidate screening, background checks, and talent acquisition.

Security checks across malware telemetry and agentic risk

Overview

This is a paid UpKuaJing API lookup skill with disclosed credential and billing helper flows, but users should understand its plaintext API key storage and limited update-check behavior.

Install this only if you intend to use UpKuaJing's paid API. Queries can incur fees, and the skill may store your API key in plaintext under ~/.upkuajing/.env, so protect that file and review any top-up/payment URL before acting on it. Avoid enabling API logging unless you are comfortable writing request and response data to local logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
Findings (15)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares no explicit permissions, yet its documented behavior includes reading environment variables, accessing files under the user's home directory, writing credentials to disk, and making network requests. This is dangerous because operators and users cannot accurately assess the trust boundary or consent to the full set of capabilities before use.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented purpose is a work-experience lookup, but the skill also includes account creation, credential storage, balance retrieval, price queries, payment-order creation, and version-check telemetry. This mismatch is dangerous because a user invoking a simple data-query skill may unintentionally trigger broader account, billing, and network operations outside the expected scope.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The script’s functionality is materially broader than the declared skill purpose: instead of only querying work experience, it includes API key provisioning, account inspection, billing/recharge, and pricing operations. In a skill ecosystem, this mismatch is dangerous because users or orchestrators may grant trust based on the manifest while the code exposes account-management and monetization capabilities that can be abused or invoked unexpectedly.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
Creating recharge/payment orders is a sensitive financial capability unrelated to a read-oriented work-history lookup skill. If exposed through an unexpectedly trusted skill, it could trigger unauthorized billing flows, social-engineer users into paying, or be chained with other actions to manipulate account funding.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The code provisions new API keys and persists them locally, which exceeds the justified scope of a work-history query skill and introduces credential lifecycle handling into a low-trust context. This expands the attack surface by enabling secret creation and storage where only data retrieval was expected.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The module docstring explicitly states this file manages authentication, key application, and recharge, which contradicts the skill’s stated work-experience lookup intent. Capability/intent mismatch is security-relevant because it masks higher-risk operations behind a benign-looking skill identity, increasing the chance of overtrust and improper invocation.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
This module adds behavior outside the stated skill purpose by making outbound version-check requests and writing a persistent cache under the user's home directory. Even though the transmitted data is limited to the skill name, undisclosed network egress and local state changes expand the attack surface, create privacy/telemetry concerns, and can be abused if the API base URL is attacker-controlled or the update endpoint is compromised.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The module can log full request parameters and full API responses to local files under ~/.upkuajing/logs, and those payloads may contain personal work-history data or other sensitive API content. Although logging is disabled by default, the write paths have no redaction, consent prompt, or permission hardening, so enabling the flag can silently create sensitive local data exhaust.

Missing User Warnings

Low
Confidence
85% confidence
Finding
The code silently sends skill metadata to a remote endpoint during normal operation without user-facing disclosure or consent. While only the skill name is sent here, hidden telemetry is still a security and privacy issue, especially in an enterprise or restricted environment where outbound requests from a data-query skill may be unexpected.

Credential Access

High
Category
Privilege Escalation
Content
### **API Key Not Set**
First check if the `~/.upkuajing/.env` file has UPKUAJING_API_KEY;
If UPKUAJING_API_KEY is not set, prompt the user to choose:
1. User has one: User provides it (manually add to ~/.upkuajing/.env file)
2. User doesn't have one: You can apply using the interface (`auth.py --new_key`), the new key will be automatically saved to ~/.upkuajing/.env
Wait for user selection;
Confidence
91% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
First check if the `~/.upkuajing/.env` file has UPKUAJING_API_KEY;
If UPKUAJING_API_KEY is not set, prompt the user to choose:
1. User has one: User provides it (manually add to ~/.upkuajing/.env file)
2. User doesn't have one: You can apply using the interface (`auth.py --new_key`), the new key will be automatically saved to ~/.upkuajing/.env
Wait for user selection;

### **Account Top-up**
Confidence
90% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"envFilePath": str(env_file)
        }

    # 保存到 .env 文件
    try:
        with open(env_file, 'w', encoding='utf-8') as f:
            f.write(f"{API_KEY_ENV}={api_key}\n")
Confidence
88% confidence
Finding
.env

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.23.0
Confidence
91% confidence
Finding
httpx>=0.23.0

Unsafe Defaults

Medium
Category
Tool Misuse
Content
pass  # 如果读取失败,继续执行

    # 不需要认证申请新密钥
    response = make_request('/agent/auth/create', {}, require_auth=False)

    # 检查是否申请成功
    if response.get('code') != 0:
Confidence
87% confidence
Finding
auth=False

Unsafe Defaults

Medium
Category
Tool Misuse
Content
pass  # 如果读取失败,继续执行

    # 不需要认证申请新密钥
    response = make_request('/agent/auth/create', {}, require_auth=False)

    # 检查是否申请成功
    if response.get('code') != 0:
Confidence
87% confidence
Finding
require_auth=False

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/common.py:196

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:61