Back to skill

Security audit

Phone validity check, verify phone number format and validity for B2B lead qualification. Helps sales teams, recruiters, and traders validate phone numbers, reduce invalid contacts, and improve outreach efficiency — essential for lead verification, SMS marketing, and customer data quality.

Security checks across malware telemetry and agentic risk

Overview

This skill uses a paid remote phone-validation API and includes disclosed account and billing helpers, with some privacy and local-credential handling caveats.

Install only if you are comfortable sending phone numbers to Upkuajing's remote API and using a paid API key. Review charges before running validation, protect ~/.upkuajing/.env because it may contain your API key, and be aware the skill performs a small daily version check and cache write under ~/.upkuajing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill advertises no explicit permissions, yet its documented behavior requires environment access, reading and writing local files, and making network requests. This is dangerous because users and calling frameworks cannot accurately assess the skill's real trust boundary, which can lead to unintended credential exposure, silent local state changes, or external data transmission.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The declared purpose is phone validation, but the documented behavior extends into credential setup, account/balance inspection, pricing queries, payment order creation, and version-check caching. This mismatch is dangerous because it hides monetization and account-management operations behind a narrower description, increasing the chance that users or orchestrators invoke a broader and more sensitive workflow than intended.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
This file implements API key issuance, account information retrieval, billing, and recharge order creation, which are unrelated to the declared phone-number validation skill. That mismatch materially increases supply-chain risk because a user installing a phone validation skill would not reasonably expect embedded account-management and payment functionality.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The functions in this region expose account info, recharge order creation, and pricing lookup capabilities that are unjustified by a phone validity checker. Hidden financial/account features inside an unrelated skill broaden the attack surface and could be abused for undisclosed account interaction or user confusion-driven misuse.

Description-Behavior Mismatch

High
Confidence
92% confidence
Finding
This module performs outbound network requests and local file writes for version checking, which is outside the declared phone-validation purpose of the skill. Even if intended for update notifications, hidden auxiliary behavior increases the attack surface, creates telemetry/privacy concerns, and can be abused if the API base URL is attacker-controlled or if users do not expect unrelated network activity.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The code includes a self-update/version telemetry mechanism that contacts a remote endpoint and stores check results locally, despite the skill being described only as a phone validity checker. This mismatch between declared capability and implemented behavior is dangerous because it introduces undisclosed communications and persistence that users and reviewers may not anticipate.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script writes a newly issued API key directly to a local .env file without an explicit confirmation step or warning before persistence. Persisting secrets automatically can expose credentials through weak file permissions, accidental inclusion in backups, or later disclosure by other tooling that reads dotenv files.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script sends user-supplied phone numbers to a remote API endpoint via make_request('/agent/validation/phone', params) without any explicit user-facing notice, consent prompt, or documentation in the CLI flow that sensitive personal data will leave the local environment. Phone numbers are personal data in many contexts, so silent transmission can create privacy, compliance, and trust risks, especially if users assume validation happens locally.

Credential Access

High
Category
Privilege Escalation
Content
"envFilePath": str(env_file)
        }

    # 保存到 .env 文件
    try:
        with open(env_file, 'w', encoding='utf-8') as f:
            f.write(f"{API_KEY_ENV}={api_key}\n")
Confidence
89% confidence
Finding
.env

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.23.0
Confidence
91% confidence
Finding
httpx>=0.23.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/common.py:196