Back to skill

Security audit

全球公司人员搜索,按姓名、公司、行业与档案 URL 从全球公司数据库找人。帮助招聘人员、销售团队与 B2B线索构建者发掘全球联系人、寻源候选人、丰富联系数据——适合人才搜索、猎头、线索开发与跨国客户获取。

Security checks across malware telemetry and agentic risk

Overview

This is a real person-search API skill, but it handles paid account actions, plaintext API keys, persistent result files, and automatic update checks in ways users should review before installing.

Install only if you are comfortable giving the skill access to a paid UPKUAJING API account, storing the API key in a plaintext file under your home directory, and saving search results locally. Use it only for lawful business-contact searches, review costs before confirming queries, and avoid exposing the .env file contents in chat or logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares no permissions, yet its documentation instructs use of environment variables, reads and writes files under the user's home directory, and performs networked API and payment-related actions. This is dangerous because the runtime capabilities materially exceed what a user would infer from the manifest, undermining informed consent and increasing the chance of unauthorized credential handling or external calls.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The published description frames the skill as a person-search tool, but the instructions also cover API key issuance, credential storage, account inspection, recharge order creation, pricing lookup, and persistent local task storage. That mismatch is dangerous because users may invoke a seemingly narrow search skill without realizing it can manipulate accounts, handle secrets, and trigger billing-related workflows.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The module makes an outbound HTTP request to a server-supplied base URL to check for updates, which is unrelated to the skill's stated person-search functionality. Even if intended for maintenance, this creates an unexpected network side effect, can leak usage metadata, and expands the attack surface if the URL is untrusted or redirected to an attacker-controlled endpoint.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The code persists update-tracking data in the user's home directory under ~/.upkuajing, which is unrelated to the advertised search capability and creates undeclared local state. While not directly dangerous by itself, persistent tracking can expose usage patterns, surprise users, and become a privacy or integrity concern if other local processes read or tamper with the cache.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation explicitly enables searching and filtering people by the existence of phone numbers, WhatsApp, email, website, and social accounts, which is privacy-sensitive personal data handling. In the context of a person-search skill aimed at finding procurement contacts and decision-makers, the lack of any warning, access-control guidance, lawful-basis requirements, or anti-abuse constraints increases the risk of targeted scraping, unsolicited outreach, and misuse of personal contact information.

Credential Access

High
Category
Privilege Escalation
Content
### **未设置API密钥**
请先检查 `~/.upkuajing/.env` 文件是否有 UPKUAJING_API_KEY;
如果未设置 UPKUAJING_API_KEY API密钥,请提示并让用户选择:
1. 用户有,由用户提供(手动添加到 ~/.upkuajing/.env 文件)
2. 用户没有,你可使用接口进行申请(`auth.py --new_key`),申请到新密钥后,会自动保存到 ~/.upkuajing/.env
等待用户选择;
Confidence
95% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
请先检查 `~/.upkuajing/.env` 文件是否有 UPKUAJING_API_KEY;
如果未设置 UPKUAJING_API_KEY API密钥,请提示并让用户选择:
1. 用户有,由用户提供(手动添加到 ~/.upkuajing/.env 文件)
2. 用户没有,你可使用接口进行申请(`auth.py --new_key`),申请到新密钥后,会自动保存到 ~/.upkuajing/.env
等待用户选择;

### **账户充值**
Confidence
93% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"envFilePath": str(env_file)
        }

    # 保存到 .env 文件
    try:
        with open(env_file, 'w', encoding='utf-8') as f:
            f.write(f"{API_KEY_ENV}={api_key}\n")
Confidence
83% confidence
Finding
.env

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.23.0
Confidence
87% confidence
Finding
httpx>=0.23.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/common.py:196