Back to skill

Security audit

支持海外公司股东查询 、高管查询、股权结构穿透,按公司ID从全球企业数据库获取含持股比例、股份类型与股东层级的股东名单。帮助投资者、分析师、业务销售人员、风控研究股权结构、实际控制人穿透/最终受益人——适合尽职调查、投资研究、竞品与集团关系分析、关联交易排查,常用于判断目标公司控制人与公司资本实力

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed paid API client for shareholder lookup, with setup and billing helpers that need caution but do not show malicious behavior.

Install only if you are comfortable using Upkuajing's paid API, storing its API key locally in ~/.upkuajing/.env, and manually approving any charged query or recharge-related step. Keep the API key private and consider tightening file permissions or using environment-variable injection instead of a plaintext file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (15)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill declares no explicit permissions, yet its documented behavior includes reading environment variables, accessing local files, writing secrets to ~/.upkuajing/.env, and making network requests. This creates a transparency and least-privilege problem: operators may invoke the skill expecting a simple lookup tool while it can also modify local state and interact with external services.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The stated purpose is shareholder/beneficial-owner lookup, but the instructions also authorize API key issuance, local credential persistence, account inspection, recharge order creation, pricing queries, and version-check caching. This mismatch is dangerous because it widens the trust boundary and can cause users or agents to approve actions with billing, credential, or local-write side effects that are unrelated to the advertised data-query task.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The documentation expands a company-shareholder lookup skill into API key application, account information retrieval, and payment workflows. Even if intended for usability, bundling these actions increases the chance of unnecessary credential handling and financial operations being triggered in a context where the user expects only corporate data retrieval.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
Granting a shareholder-query skill the ability to request new API keys and create recharge orders is disproportionate to its core purpose. In practice, this can expose users to unauthorized billing actions or secret lifecycle changes under the guise of a simple lookup workflow.

Intent-Code Divergence

Low
Confidence
78% confidence
Finding
The title and overview present the skill as a shareholder query tool, but the later instructions include account activation, recharge, and account-management behavior. This inconsistency can mislead users about the operational scope and side effects, reducing informed consent and increasing the likelihood of unsafe execution.

Description-Behavior Mismatch

High
Confidence
93% confidence
Finding
The script exposes authentication and payment-management capabilities even though the skill is described as a shareholder/beneficial-owner lookup tool. This scope mismatch is dangerous because users and orchestration systems may grant trust or permissions based on the declared purpose, while the code can perform account lifecycle and billing actions unrelated to the advertised function.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The code requests a new API key from a remote service and persists it locally, which is materially more sensitive than simple enterprise-data querying. In a skill ecosystem, undeclared credential provisioning and storage increase the risk of silent account creation, credential sprawl, and misuse of a trusted integration context.

Context-Inappropriate Capability

High
Confidence
92% confidence
Finding
Creating recharge orders and exposing account balance/pricing are billing and account-management features with no direct need for shareholder lookup. In this context, that broadens the blast radius from read-only business intelligence into actions that can trigger financial transactions or reveal sensitive account metadata.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
This module adds behavior unrelated to the skill’s stated purpose by making outbound network requests to a server and persisting per-user state in a local cache file. Even if intended for update checking, hidden or undocumented network and filesystem activity expands the trust boundary, can leak skill usage metadata, and creates an unnecessary channel for remote influence or tracking in a shareholder-query skill where users would not expect such behavior.

Credential Access

High
Category
Privilege Escalation
Content
### **未设置API密钥**
请先检查 `~/.upkuajing/.env` 文件是否有 UPKUAJING_API_KEY;
如果未设置 UPKUAJING_API_KEY API密钥,请提示并让用户选择:
1. 用户有,由用户提供(手动添加到 ~/.upkuajing/.env 文件)
2. 用户没有,你可使用接口进行申请(`auth.py --new_key`),申请到新密钥后,会自动保存到 ~/.upkuajing/.env
等待用户选择;
Confidence
96% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
请先检查 `~/.upkuajing/.env` 文件是否有 UPKUAJING_API_KEY;
如果未设置 UPKUAJING_API_KEY API密钥,请提示并让用户选择:
1. 用户有,由用户提供(手动添加到 ~/.upkuajing/.env 文件)
2. 用户没有,你可使用接口进行申请(`auth.py --new_key`),申请到新密钥后,会自动保存到 ~/.upkuajing/.env
等待用户选择;

### **账户充值**
Confidence
95% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"""
    申请新的 API 密钥。
    """
    # 检查是否已存在 .env 文件和 API key
    env_file = UPKUAJING_ENV_FILE

    if env_file.exists():
Confidence
88% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
env_file = UPKUAJING_ENV_FILE

    if env_file.exists():
        # 读取现有的 .env 文件
        try:
            with open(env_file, 'r', encoding='utf-8') as f:
                content = f.read()
Confidence
90% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"envFilePath": str(env_file)
        }

    # 保存到 .env 文件
    try:
        with open(env_file, 'w', encoding='utf-8') as f:
            f.write(f"{API_KEY_ENV}={api_key}\n")
Confidence
96% confidence
Finding
.env

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.23.0
Confidence
94% confidence
Finding
httpx>=0.23.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/common.py:196