Back to skill

Security audit

LinkedIn 公司搜索,按名称、行业、规模与成立年份从 LinkedIn 数据找公司。 帮助销售团队、营销人员与 B2B 线索构建者发掘 LinkedIn公司档案、研究目标客户、丰富企业画像数据——适合客户开发、市场调研、竞品分析与账户式销售。

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its stated LinkedIn company-search purpose, but it warrants review because it handles paid API credentials, can retrieve contact data, and performs an under-disclosed update check.

Review this before installing if you are comfortable with a paid third-party API key being stored in ~/.upkuajing/.env, company/contact search results being saved under the skill directory, and a daily version-check call to the provider. Use the contact-data features only where you have a lawful basis and comply with privacy and anti-spam rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill instructs use of Python scripts that access environment variables, read and write files under the user's home directory, and call external APIs, yet it declares no permissions. This creates a transparency and consent problem: an operator may invoke a skill believing it is low-risk while it can access credentials, persist data, and perform network actions with billing consequences.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
This module performs outbound network requests and writes persistent state under the user's home directory even though the skill's stated purpose is LinkedIn company search. That mismatch creates unnecessary attack surface: a compromised or misconfigured update endpoint could influence user behavior, leak skill usage metadata, or introduce trust in unsolicited upgrade prompts.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The code implements self-update/version telemetry behavior by POSTing the skill name to a remote API and caching the returned version locally. In a skill whose business purpose is unrelated to update management, this hidden control-plane behavior can expose usage metadata and can be abused for social engineering through upgrade notices if the server response is not strongly authenticated.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation explicitly supports filtering for the existence of employee and core member contact information, including valid phone numbers, emails, WhatsApp, and personal contact indicators, without any privacy, consent, or lawful-use warning. In the context of a lead-generation and ABM targeting skill, this increases the risk of mass profiling, unsolicited outreach, and misuse of personal data at scale.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The response schema documents a field that exposes employee contact output (`person_contact_show`) yet provides no warning that this may contain sensitive personal data or impose handling restrictions. Because the skill is designed for customer development and market research, exposing even a sample employee contact can facilitate targeted harvesting and downstream abuse.

Credential Access

High
Category
Privilege Escalation
Content
### **未设置API密钥**
请先检查 `~/.upkuajing/.env` 文件是否有 UPKUAJING_API_KEY;
如果未设置 UPKUAJING_API_KEY API密钥,请提示并让用户选择:
1. 用户有,由用户提供(手动添加到 ~/.upkuajing/.env 文件)
2. 用户没有,你可使用接口进行申请(`auth.py --new_key`),申请到新密钥后,会自动保存到 ~/.upkuajing/.env
等待用户选择;
Confidence
92% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
请先检查 `~/.upkuajing/.env` 文件是否有 UPKUAJING_API_KEY;
如果未设置 UPKUAJING_API_KEY API密钥,请提示并让用户选择:
1. 用户有,由用户提供(手动添加到 ~/.upkuajing/.env 文件)
2. 用户没有,你可使用接口进行申请(`auth.py --new_key`),申请到新密钥后,会自动保存到 ~/.upkuajing/.env
等待用户选择;

### **账户充值**
Confidence
95% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"""
    申请新的 API 密钥。
    """
    # 检查是否已存在 .env 文件和 API key
    env_file = UPKUAJING_ENV_FILE

    if env_file.exists():
Confidence
84% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
env_file = UPKUAJING_ENV_FILE

    if env_file.exists():
        # 读取现有的 .env 文件
        try:
            with open(env_file, 'r', encoding='utf-8') as f:
                content = f.read()
Confidence
86% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"envFilePath": str(env_file)
        }

    # 保存到 .env 文件
    try:
        with open(env_file, 'w', encoding='utf-8') as f:
            f.write(f"{API_KEY_ENV}={api_key}\n")
Confidence
92% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
except IOError as e:
        return {
            "success": False,
            "message": f"API密钥申请成功,但保存到 .env 文件失败:{str(e)}。\n请手动设置环境变量 {API_KEY_ENV}。",
            "envFilePath": str(env_file)
        }
Confidence
81% confidence
Finding
.env

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.23.0
Confidence
95% confidence
Finding
httpx>=0.23.0

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/common.py:196