Back to skill

Security audit

LinkedIn alumni query, find alumni connections with person and school IDs from LinkedIn data by company ID and person ID. UpKuaJing helps recruiters, sales teams, and B2B lead builders discover alumni networks, trace educational connections, and expand contact lists — perfect for talent sourcing, school network research, and lead generation.

Security checks across malware telemetry and agentic risk

Overview

This skill appears to support its alumni-query use case, but it also handles account setup, top-ups, local credential storage, and optional detailed logging in ways users should review before installing.

Install only if you are comfortable with this skill managing an external service account, storing an API key under ~/.upkuajing, creating recharge/payment orders when directed, and potentially writing detailed local API logs. Review the top-up workflow and disable detailed logging unless you need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (15)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares no permissions, but its documented behavior requires environment access, reading and writing files under ~/.upkuajing, and making network requests. This creates a transparency and least-privilege problem: users and enforcement systems cannot accurately assess what the skill is allowed to do, increasing the chance of unexpected credential handling or external communication.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill is presented as an alumni-query tool, but it also performs account creation, credential storage, account info retrieval, payment/top-up order creation, pricing lookups, and version checks. This broader behavior materially expands trust boundaries into authentication, billing, and persistent local state, which can surprise users and enable unintended financial actions or credential handling beyond the stated purpose.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The file implements API-key provisioning, account inspection, pricing lookup, and recharge-order creation, which materially exceeds the skill’s declared alumni-query purpose. This kind of scope mismatch is dangerous because it introduces billing and credential-management capabilities that a user may not expect, increasing the chance of unauthorized account actions or abuse through a seemingly innocuous data-query skill.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
Creating recharge or payment orders is unrelated to querying alumni data and enables account-affecting financial actions from within a skill that users would not expect to handle billing. In this context, hidden or unnecessary payment functionality raises the risk of unauthorized charges, abuse of linked accounts, or social engineering around payment URLs.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Account and pricing inspection are not necessary for the stated alumni-list query use case and expose extra operational information about balances, account identifiers, and commercial configuration. While not as severe as payment creation, this broadens the attack surface and may leak sensitive business or account metadata through a skill that should be narrowly scoped.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The module docstring describes authentication management rather than alumni lookup, confirming a discrepancy between the published skill purpose and the code’s real behavior. Such misrepresentation is security-relevant because it can conceal privileged functionality from reviewers and users, making accidental approval of risky capabilities more likely.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
This module adds network communication and persistent local cache writes that are unrelated to the stated alumni-query function of the skill. Even if intended for maintenance, hidden version checks expand the skill's behavior surface, create telemetry about skill usage, and introduce an external dependency that could be abused or become a privacy/compliance issue.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill contains an auto-update/version telemetry capability that is not necessary for querying LinkedIn alumni data. In this context, unsolicited outbound requests and local state tracking are suspicious because they can disclose installation or usage metadata and normalize behavior beyond the declared purpose of the skill.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
If ENABLE_API_LOGGING is enabled, the code writes full request parameters and parsed response bodies to ~/.upkuajing/logs without redaction or a user-facing warning. Alumni queries and API responses may contain personal data or identifiers, so local log files can become a secondary source of sensitive-data exposure to other local users, backup systems, or support tooling.

Credential Access

High
Category
Privilege Escalation
Content
### **API Key Not Set**
First check if the `~/.upkuajing/.env` file has UPKUAJING_API_KEY;
If UPKUAJING_API_KEY is not set, prompt the user to choose:
1. User has one: User provides it (manually add to ~/.upkuajing/.env file)
2. User doesn't have one: You can apply using the interface (`auth.py --new_key`), the new key will be automatically saved to ~/.upkuajing/.env
Wait for user selection;
Confidence
91% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
First check if the `~/.upkuajing/.env` file has UPKUAJING_API_KEY;
If UPKUAJING_API_KEY is not set, prompt the user to choose:
1. User has one: User provides it (manually add to ~/.upkuajing/.env file)
2. User doesn't have one: You can apply using the interface (`auth.py --new_key`), the new key will be automatically saved to ~/.upkuajing/.env
Wait for user selection;

### **Account Top-up**
Confidence
90% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"envFilePath": str(env_file)
        }

    # 保存到 .env 文件
    try:
        with open(env_file, 'w', encoding='utf-8') as f:
            f.write(f"{API_KEY_ENV}={api_key}\n")
Confidence
75% confidence
Finding
.env

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.23.0
Confidence
94% confidence
Finding
httpx>=0.23.0

Unsafe Defaults

Medium
Category
Tool Misuse
Content
pass  # 如果读取失败,继续执行

    # 不需要认证申请新密钥
    response = make_request('/agent/auth/create', {}, require_auth=False)

    # 检查是否申请成功
    if response.get('code') != 0:
Confidence
88% confidence
Finding
auth=False

Unsafe Defaults

Medium
Category
Tool Misuse
Content
pass  # 如果读取失败,继续执行

    # 不需要认证申请新密钥
    response = make_request('/agent/auth/create', {}, require_auth=False)

    # 检查是否申请成功
    if response.get('code') != 0:
Confidence
88% confidence
Finding
require_auth=False

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/common.py:196

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:61