Back to skill

Security audit

支持全球220+国家海关贸易数据,提供批量搜索工具,帮助外贸企业快速找到采购商和供应商。通过分析进出口记录,发现目标产品采购商、交易记录。支持企业查询、HS编码、产品查询。让外贸团队基于交易数据开发高价值B2B客户、掌握竞争对手交易动态。

Security checks across malware telemetry and agentic risk

Overview

The skill matches its trade-data purpose, but it needs review because it handles a paid API key in a plaintext home-directory file and can retrieve business contact data.

Install only if you are comfortable with the skill using Upkuajing network APIs, charging your Upkuajing API balance after explicit confirmation, storing query outputs locally, and keeping the API key in ~/.upkuajing/.env. Avoid displaying or sharing that file, restrict its permissions manually if installed, and use the contact-data features only where your intended use complies with applicable privacy and outreach rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares no explicit permissions, yet its instructions clearly require access to environment variables, reading and writing files under the user's home directory, and making network/API calls. This creates a transparency and consent gap: the agent may perform sensitive actions without those capabilities being formally declared, making review, sandboxing, and user approval harder.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document describes an API for retrieving company-associated emails, phone numbers, social profiles, and websites, including validity metadata, but provides no warning about privacy, consent, lawful basis, or acceptable-use constraints. In the context of a trade-intelligence skill that helps users identify importers, exporters, and buyers, this omission increases the risk of mass contact harvesting, privacy violations, and misuse for unsolicited outreach or profiling.

Missing User Warnings

Low
Confidence
92% confidence
Finding
The code automatically sends the skill name to a remote version-check API on first use each day without any explicit user notice or consent. Although the transmitted data is limited, this creates an undisclosed outbound network call and metadata leak that can reveal tool usage patterns and enable tracking in environments where network egress or privacy expectations are strict.

Credential Access

High
Category
Privilege Escalation
Content
### **未设置API密钥**
请先检查 `~/.upkuajing/.env` 文件是否有 UPKUAJING_API_KEY;
如果未设置 UPKUAJING_API_KEY API密钥,请提示并让用户选择:
1. 用户有,由用户提供(手动添加到 ~/.upkuajing/.env 文件)
2. 用户没有,你可使用接口进行申请(`auth.py --new_key`),申请到新密钥后,会自动保存到 ~/.upkuajing/.env
等待用户选择;
Confidence
97% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
请先检查 `~/.upkuajing/.env` 文件是否有 UPKUAJING_API_KEY;
如果未设置 UPKUAJING_API_KEY API密钥,请提示并让用户选择:
1. 用户有,由用户提供(手动添加到 ~/.upkuajing/.env 文件)
2. 用户没有,你可使用接口进行申请(`auth.py --new_key`),申请到新密钥后,会自动保存到 ~/.upkuajing/.env
等待用户选择;

### **账户充值**
Confidence
96% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"envFilePath": str(env_file)
        }

    # 保存到 .env 文件
    try:
        with open(env_file, 'w', encoding='utf-8') as f:
            f.write(f"{API_KEY_ENV}={api_key}\n")
Confidence
90% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
except IOError as e:
        return {
            "success": False,
            "message": f"API密钥申请成功,但保存到 .env 文件失败:{str(e)}。\n请手动设置环境变量 {API_KEY_ENV}。",
            "envFilePath": str(env_file)
        }
Confidence
87% confidence
Finding
.env

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.23.0
Confidence
94% confidence
Finding
httpx>=0.23.0

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/common.py:196