Back to skill

Security audit

LinkedIn 人员教育背景查询,按人员 ID 从 LinkedIn 数据获取含院校、学位、专业与绩点的教育经历。帮助招聘人员、HR团队与用人经理核验学历背景、评估候选人资质、做出明智招聘决策——适合候选人筛选、背景核验与人才评估。

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed paid API wrapper for LinkedIn education lookup, with expected credential and billing helpers but no evidence of deception, exfiltration, or destructive behavior.

Install only if you are comfortable using Upkuajing's paid API, storing its API key in a plaintext file under your home directory, and sending LinkedIn person IDs to the provider. Confirm costs before each query, review recharge payment links yourself, and leave API logging disabled unless you intentionally need local debug logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (11)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill exercises sensitive capabilities—network access, reading environment/local files, and writing to the user's home directory—without declaring permissions. This reduces transparency and informed consent, making it easier for credential handling and paid actions to occur unexpectedly.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The stated purpose is education-history lookup, but the documented behavior extends to API key issuance, local credential storage, account/balance queries, recharge order creation, pricing queries, and version-check telemetry. This mismatch is dangerous because users may authorize a simple lookup skill without realizing it can manipulate accounts, billing, and local secrets.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The documentation includes registration, API-key issuance, recharge-order creation, and payment-link handling that are unrelated to the narrow data-retrieval purpose. Broadening scope in this way increases the attack surface for account abuse, social engineering, and unintended financial actions.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The file's functionality materially diverges from the declared skill purpose: instead of retrieving LinkedIn education data, it performs account onboarding, API key issuance, balance checks, recharge, and pricing operations for a different platform. This mismatch is dangerous because it can mislead users and reviewers about the real permissions and commercial actions the skill performs, increasing the chance of unauthorized billing or credential provisioning under false pretenses.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
Recharge-order creation and pricing/billing operations are not justified by a read-only LinkedIn education lookup use case. Embedding monetization/account-funding actions in such a skill broadens the attack surface and could enable deceptive or unintended financial actions if invoked by a user who expects only profile retrieval.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The module introduces outbound network communication and update-check behavior that is unrelated to the skill’s stated purpose of retrieving LinkedIn education history. Even though the code appears intended for maintenance rather than abuse, this creates an extra external call path, metadata disclosure about installed skills, and a hidden side effect during normal API use, which expands the attack surface and may violate least-privilege expectations.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
当 ENABLE_API_LOGGING 被启用时,请求参数和响应体会被完整写入本地日志文件,可能包含查询对象的个人教育信息、账户信息或其他敏感业务数据。代码未做字段级脱敏、最小化记录或用户提示,一旦主机被其他本地用户访问、日志被收集上传或长期留存,敏感数据可能被二次泄露。

Credential Access

High
Category
Privilege Escalation
Content
### **未设置API密钥**
请先检查 `~/.upkuajing/.env` 文件是否有 UPKUAJING_API_KEY;
如果未设置 UPKUAJING_API_KEY API密钥,请提示并让用户选择:
1. 用户有,由用户提供(手动添加到 ~/.upkuajing/.env 文件)
2. 用户没有,你可使用接口进行申请(`auth.py --new_key`),申请到新密钥后,会自动保存到 ~/.upkuajing/.env
等待用户选择;
Confidence
95% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
请先检查 `~/.upkuajing/.env` 文件是否有 UPKUAJING_API_KEY;
如果未设置 UPKUAJING_API_KEY API密钥,请提示并让用户选择:
1. 用户有,由用户提供(手动添加到 ~/.upkuajing/.env 文件)
2. 用户没有,你可使用接口进行申请(`auth.py --new_key`),申请到新密钥后,会自动保存到 ~/.upkuajing/.env
等待用户选择;

### **账户充值**
Confidence
95% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"envFilePath": str(env_file)
        }

    # 保存到 .env 文件
    try:
        with open(env_file, 'w', encoding='utf-8') as f:
            f.write(f"{API_KEY_ENV}={api_key}\n")
Confidence
86% confidence
Finding
.env

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.23.0
Confidence
89% confidence
Finding
httpx>=0.23.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/common.py:196