Back to skill

Security audit

LinkedIn 公司员工查询,按公司 ID 从 LinkedIn 数据获取员工名单与职位。帮助招聘人员、销售团队与 B2B线索构建者发掘公司层级、核验团队结构、丰富联系数据——适合人才调研、组织分析与线索资格筛选。

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed paid API helper for LinkedIn employee lookup, with expected but sensitive API-key, billing, and local cache handling users should understand before use.

Install only if you are comfortable with a paid Upkuajing API workflow. The skill will use or create an UPKUAJING_API_KEY, may store it in ~/.upkuajing/.env, can query account/pricing information, and can generate a recharge payment URL when directed. Confirm fees before running employee-list queries and avoid pasting or displaying the full API key in conversation logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill clearly instructs use of environment variables, reads and writes a local ~/.upkuajing/.env file, and performs networked API actions, yet no explicit permissions are declared. This creates a transparency and consent gap: operators may invoke the skill expecting only LinkedIn-style lookup behavior while it can also access local secrets and modify local state.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented purpose is employee lookup, but the skill also includes credential provisioning, account inspection, billing/充值 order creation, pricing queries, and local cache/state updates. This behavioral expansion is dangerous because users may authorize a data lookup skill without realizing it can create accounts, trigger billable workflows, or persist sensitive state on disk.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The script implements API key issuance, account lookup, and billing-related actions that are not necessary for a skill described as LinkedIn company employee analysis. This scope mismatch is dangerous because it expands the skill's capabilities into credential provisioning and financial operations, increasing attack surface and creating opportunities for abuse if the skill is invoked unexpectedly or by an untrusted orchestrator.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Creating recharge orders is unrelated to the stated business purpose of analyzing LinkedIn company personnel. A hidden or undocumented payment capability can trigger unauthorized financial actions, especially in agent ecosystems where users may not expect a data-analysis skill to perform billing operations.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Account balance and pricing queries are not aligned with the advertised LinkedIn analysis workflow and expose additional account metadata. While less severe than payment creation, these functions still broaden access to sensitive commercial information and indicate over-privileged, off-purpose functionality.

Credential Access

High
Category
Privilege Escalation
Content
### **未设置API密钥**
请先检查 `~/.upkuajing/.env` 文件是否有 UPKUAJING_API_KEY;
如果未设置 UPKUAJING_API_KEY API密钥,请提示并让用户选择:
1. 用户有,由用户提供(手动添加到 ~/.upkuajing/.env 文件)
2. 用户没有,你可使用接口进行申请(`auth.py --new_key`),申请到新密钥后,会自动保存到 ~/.upkuajing/.env
等待用户选择;
Confidence
97% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
请先检查 `~/.upkuajing/.env` 文件是否有 UPKUAJING_API_KEY;
如果未设置 UPKUAJING_API_KEY API密钥,请提示并让用户选择:
1. 用户有,由用户提供(手动添加到 ~/.upkuajing/.env 文件)
2. 用户没有,你可使用接口进行申请(`auth.py --new_key`),申请到新密钥后,会自动保存到 ~/.upkuajing/.env
等待用户选择;

### **账户充值**
Confidence
97% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"""
    申请新的 API 密钥。
    """
    # 检查是否已存在 .env 文件和 API key
    env_file = UPKUAJING_ENV_FILE

    if env_file.exists():
Confidence
90% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
env_file = UPKUAJING_ENV_FILE

    if env_file.exists():
        # 读取现有的 .env 文件
        try:
            with open(env_file, 'r', encoding='utf-8') as f:
                content = f.read()
Confidence
89% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"envFilePath": str(env_file)
        }

    # 保存到 .env 文件
    try:
        with open(env_file, 'w', encoding='utf-8') as f:
            f.write(f"{API_KEY_ENV}={api_key}\n")
Confidence
95% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
except IOError as e:
        return {
            "success": False,
            "message": f"API密钥申请成功,但保存到 .env 文件失败:{str(e)}。\n请手动设置环境变量 {API_KEY_ENV}。",
            "envFilePath": str(env_file)
        }
Confidence
74% confidence
Finding
.env

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.23.0
Confidence
92% confidence
Finding
httpx>=0.23.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/common.py:196