Back to skill

Security audit

LinkedIn school detail query, access detailed school information including name, type, location, and social media URLs from LinkedIn data. UpKuaJing helps recruiters, researchers, and analysts verify educational institutions, research academic networks, and enrich institutional data — perfect for education verification, institution research, and academic network analysis.

Security checks across malware telemetry and agentic risk

Overview

This looks like a real paid UpKuaJing school-lookup skill, but it needs review because it handles API keys and billing with unsafe or under-disclosed local behavior.

Install only if you are comfortable with a paid UpKuaJing integration that can read/write ~/.upkuajing files, use an API key, query account/balance data, and create top-up orders. Do not display or paste the contents of ~/.upkuajing/.env; prefer setting the API key through a safer secret mechanism, and require explicit confirmation before any paid query or top-up action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (14)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill declares no permissions, yet its documented behavior clearly involves reading environment variables, accessing local files under ~/.upkuajing, writing API keys, and making network requests. This weakens transparency and consent boundaries, increasing the chance an agent executes sensitive operations the user did not explicitly authorize.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill is presented as a simple school-detail lookup, but it also supports account management, API key provisioning, local credential storage, balance checks, pricing queries, and top-up/payment flows. That mismatch is dangerous because users or agents may grant trust for a low-risk data lookup while the skill can trigger broader credential, billing, and persistent-state operations.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
This skill is described as a LinkedIn school-detail lookup, but the file implements API key provisioning, account inspection, recharge order creation, and pricing retrieval. That mismatch expands the skill’s privilege and billing surface beyond its stated purpose, creating unnecessary access to credentials and payment-related operations that a caller may not expect or review carefully.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
Recharge-order and pricing capabilities are unrelated to a school-detail lookup workflow and can trigger unintended financial actions or reveal commercial information. In a narrowly scoped data-retrieval skill, embedding billing features increases the chance of abuse, accidental invocation, or hidden monetization behavior.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The module can persist full API request and response payloads to local log files, which exceeds the narrow stated purpose of simply querying school details. Even though logging is disabled by default, enabling it would store potentially sensitive query inputs and returned data on disk without clear consent or minimization, increasing privacy and data-retention risk.

Context-Inappropriate Capability

Medium
Confidence
79% confidence
Finding
The code creates per-task directories and persists metadata and result data locally, which is a broader capability than a simple transient school-detail lookup. Persistent storage can retain user queries or returned data longer than expected, creating privacy, compliance, and local data-exposure risks if the host is shared or compromised.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
This module performs outbound network requests and writes persistent user-level cache data unrelated to the advertised school-detail lookup function. Even if intended for update notifications, the hidden side effect expands the skill's behavior and trust boundary, creating privacy, telemetry, and supply-chain risk if the endpoint or configuration is abused.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The skill includes a self-update/version-tracking capability that is not necessary for school-detail queries and therefore violates the principle of least functionality. Such code can be repurposed for environment beaconing or future update-channel abuse, especially because it triggers automatically during normal API use.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation tells users to display the contents of ~/.upkuajing/.env directly, which can expose the API key in plaintext to logs, terminals, screen sharing, chat transcripts, or the agent itself. Secrets should never be revealed just to verify presence, because disclosure can enable unauthorized API use and account abuse.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
When enabled, the logging functions write raw request parameters and response content to local files. Those payloads may contain sensitive business queries, identifiers, or other returned data, and the code provides no redaction, warning, or retention controls at the point of use.

Credential Access

High
Category
Privilege Escalation
Content
### **API Key Not Set**
First check if the `~/.upkuajing/.env` file has UPKUAJING_API_KEY;
If UPKUAJING_API_KEY is not set, prompt the user to choose:
1. User has one: User provides it (manually add to ~/.upkuajing/.env file)
2. User doesn't have one: You can apply using the interface (`auth.py --new_key`), the new key will be automatically saved to ~/.upkuajing/.env
Wait for user selection;
Confidence
91% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
First check if the `~/.upkuajing/.env` file has UPKUAJING_API_KEY;
If UPKUAJING_API_KEY is not set, prompt the user to choose:
1. User has one: User provides it (manually add to ~/.upkuajing/.env file)
2. User doesn't have one: You can apply using the interface (`auth.py --new_key`), the new key will be automatically saved to ~/.upkuajing/.env
Wait for user selection;

### **Account Top-up**
Confidence
90% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"envFilePath": str(env_file)
        }

    # 保存到 .env 文件
    try:
        with open(env_file, 'w', encoding='utf-8') as f:
            f.write(f"{API_KEY_ENV}={api_key}\n")
Confidence
85% confidence
Finding
.env

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.23.0
Confidence
94% confidence
Finding
httpx>=0.23.0

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/common.py:196

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
SKILL.md:60