Back to skill

Security audit

LinkedIn 学校详情查询工具,通过学校ID获取学校名称、类型、地理位置和社交媒体链接等详细信息。帮助招聘人员、研究人员和分析师验证教育机构信息、研究学术网络、丰富机构数据 — 适合学历验证、院校研究和学术网络分析。

Security checks across malware telemetry and agentic risk

Overview

This is a paid UpKuaJing LinkedIn school lookup skill with disclosed credential and billing helper flows, but it should be used carefully because it stores an API key locally and can create a top-up payment URL.

Install only if you intend to use UpKuaJing's paid API. Expect the skill to contact UpKuaJing, use or create an API key, store that key in ~/.upkuajing/.env if you request a new one, check account/pricing information, and generate a top-up payment URL when needed. Confirm every paid query and any top-up-related action before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares itself as a simple LinkedIn school-detail lookup, but its documented behavior clearly includes reading environment variables, accessing local files, and making networked API calls without explicitly declaring those permissions. This weakens transparency and informed consent, making it easier for a user or platform to underestimate the skill's access to credentials and local state.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill's stated purpose is a school-detail query, but it also performs account provisioning, credential storage, account inspection, recharge order creation, pricing retrieval, and version/cache operations. This description-behavior mismatch is dangerous because users may authorize a seemingly narrow lookup tool that in practice can handle credentials, payment-related flows, and broader account actions.

Context-Inappropriate Capability

High
Confidence
90% confidence
Finding
Including recharge-order creation in a skill advertised as a read-only LinkedIn school-detail lookup violates least privilege and creates an unnecessary financial action surface. If this skill is invoked by a user or agent expecting only data retrieval, it could trigger billing-related operations outside the user's intent.

Context-Inappropriate Capability

Medium
Confidence
81% confidence
Finding
The skill contains API key issuance and local persistence logic even though the stated purpose is school-detail lookup. Bundling credential lifecycle management into an unrelated data-query skill increases the attack surface and may let an agent obtain and store credentials without a narrowly scoped operational need.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The module introduces outbound network access to a version-check endpoint that is unrelated to the skill’s declared purpose of retrieving LinkedIn school details. Even if intended for maintenance, this creates an additional data egress and supply-chain communication path that can expose environment metadata, surprise users, and expand the attack surface if the endpoint or base URL is untrusted or compromised.

Context-Inappropriate Capability

Low
Confidence
86% confidence
Finding
The code persists version-tracking data under the user’s home directory, which is outside the stated business function of this skill. While the cached content is limited, persistent local state can create privacy and operational concerns, leaves artifacts on the host, and may be unexpected in environments that require stateless or least-privilege skill execution.

Credential Access

High
Category
Privilege Escalation
Content
### **API Key Not Set**
First check if the `~/.upkuajing/.env` file has UPKUAJING_API_KEY;
If UPKUAJING_API_KEY is not set, prompt the user to choose:
1. User has one: User provides it (manually add to ~/.upkuajing/.env file)
2. User doesn't have one: You can apply using the interface (`auth.py --new_key`), the new key will be automatically saved to ~/.upkuajing/.env
Wait for user selection;
Confidence
95% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
First check if the `~/.upkuajing/.env` file has UPKUAJING_API_KEY;
If UPKUAJING_API_KEY is not set, prompt the user to choose:
1. User has one: User provides it (manually add to ~/.upkuajing/.env file)
2. User doesn't have one: You can apply using the interface (`auth.py --new_key`), the new key will be automatically saved to ~/.upkuajing/.env
Wait for user selection;

### **Account Top-up**
Confidence
95% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"envFilePath": str(env_file)
        }

    # 保存到 .env 文件
    try:
        with open(env_file, 'w', encoding='utf-8') as f:
            f.write(f"{API_KEY_ENV}={api_key}\n")
Confidence
93% confidence
Finding
.env

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.23.0
Confidence
95% confidence
Finding
httpx>=0.23.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/common.py:196

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:60