Back to skill

Security audit

联系方式有效性校验,验证电话号码有效、无效、座机、手机、是否注册WhatsApp多种状态,验证邮箱地址有效和无效,支持网站域名有效、无效。帮助销售团队、招聘人员、贸易商验证联系数据(邮箱验证、手机号验证、域名校验)、减少退信邮件、提升外联与冷启动效率——是 CRM 数据清洗、候选人筛查、供应商核验、邮件列表清洗的必备工具,适用于外贸邮件群发前清洗、招聘背调与采购商核实。

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended for contact validation, but it also includes local credential storage, account/billing helpers, and an under-disclosed version check that users should review before installing.

Install only if you are comfortable giving this skill an Upkuajing API key, sending contact-validation inputs to the provider, and using its account/recharge helpers. Review any payment URL before opening or paying, avoid sharing the ~/.upkuajing/.env contents in chat, and consider using a platform secret store or restricted file permissions for the API key.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (14)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares no permissions, but its documented behavior clearly requires environment-variable access, local file reads/writes, and network calls. This mismatch undermines user consent and platform policy enforcement because the agent can access credentials, persist data, and contact external services without those capabilities being transparently declared.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill is presented as a contact-info validity checker, but the documentation expands it into credential provisioning, account lookup, pricing retrieval, billing/recharge order creation, and version-check network activity. This broader behavior increases the attack surface and creates opportunities for unexpected sensitive actions, especially those involving account state, payments, and local secret storage.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The documentation broadens the skill from simple validation into account administration and billing workflows, including API key issuance, account info retrieval, pricing, and recharge handling. Even if user-driven, these are materially different privileged actions that expose secrets and financial/account operations beyond the stated purpose.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
Creating recharge or payment orders is a billing capability unrelated to the core function of checking contact validity. In an agent setting, this is dangerous because it can steer users into financial actions and external payment flows that they may not expect from a verification tool.

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The file implements API key provisioning, account lookup, recharge order creation, and pricing queries, which materially exceed the declared skill purpose of validating contact information. This mismatch is dangerous because users may invoke a seemingly low-risk data-validation skill that actually enables account management and spending-related actions against an external service.

Context-Inappropriate Capability

High
Confidence
96% confidence
Finding
Recharge-order creation and account/pricing management are unrelated to the advertised validation workflow and introduce financial-action capability into a non-financial skill. In context, this increases the chance of deceptive use, accidental invocation, or unauthorized spending through an agent that operators would not expect to handle billing operations.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
This module adds network-based version checking and upgrade notification behavior that is unrelated to the declared contact-validity function of the skill. Even if intended for maintenance, it creates an extra outbound communication path, leaks skill usage/installation metadata to a remote service, and expands the attack surface if the configured API endpoint is compromised or manipulated.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The code performs self-update checking by posting the skill name to a server and acting on the returned version information, despite this capability not being justified by the skill’s business purpose. In a security review, hidden or non-essential update channels are risky because they can enable tracking, unexpected network behavior, and social engineering around upgrades, especially if users trust stderr notices to run commands.

Credential Access

High
Category
Privilege Escalation
Content
### **未设置API密钥**
请先检查 `~/.upkuajing/.env` 文件是否有 UPKUAJING_API_KEY;
如果未设置 UPKUAJING_API_KEY API密钥,请提示并让用户选择:
1. 用户有,由用户提供(手动添加到 ~/.upkuajing/.env 文件)
2. 用户没有,你可使用接口进行申请(`auth.py --new_key`),申请到新密钥后,会自动保存到 ~/.upkuajing/.env
等待用户选择;
Confidence
90% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
请先检查 `~/.upkuajing/.env` 文件是否有 UPKUAJING_API_KEY;
如果未设置 UPKUAJING_API_KEY API密钥,请提示并让用户选择:
1. 用户有,由用户提供(手动添加到 ~/.upkuajing/.env 文件)
2. 用户没有,你可使用接口进行申请(`auth.py --new_key`),申请到新密钥后,会自动保存到 ~/.upkuajing/.env
等待用户选择;

### **账户充值**
Confidence
90% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"envFilePath": str(env_file)
        }

    # 保存到 .env 文件
    try:
        with open(env_file, 'w', encoding='utf-8') as f:
            f.write(f"{API_KEY_ENV}={api_key}\n")
Confidence
91% confidence
Finding
.env

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.23.0
Confidence
93% confidence
Finding
httpx>=0.23.0

Unsafe Defaults

Medium
Category
Tool Misuse
Content
pass  # 如果读取失败,继续执行

    # 不需要认证申请新密钥
    response = make_request('/agent/auth/create', {}, require_auth=False)

    # 检查是否申请成功
    if response.get('code') != 0:
Confidence
88% confidence
Finding
auth=False

Unsafe Defaults

Medium
Category
Tool Misuse
Content
pass  # 如果读取失败,继续执行

    # 不需要认证申请新密钥
    response = make_request('/agent/auth/create', {}, require_auth=False)

    # 检查是否申请成功
    if response.get('code') != 0:
Confidence
88% confidence
Finding
require_auth=False

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/common.py:196