Back to skill

Security audit

支持国际短信批量群发 / 全球 SMS批量发送,提供营销短信和商务短信,支持双方回复,一键群发短信并通过即时任务追踪与送达报告监控每一条短信状态。帮助营销人员、销售团队、运营、客服向全球客户触达、追踪短信活动效果、驱动转化与回收——适合促销短信群发、订单/物流通知、客户批量外联与召回,适用于跨境电商、外贸出海与海外用户运营。

Security checks across malware telemetry and agentic risk

Overview

This skill does what it describes: it sends and tracks paid SMS through Upkuajing, with disclosed local API-key storage and user confirmation required before billable actions.

Install only if you intend to let the agent send SMS through this provider. Treat recipient phone numbers, message content, delivery records, account balances, payment links, and the API key as sensitive; confirm costs and recipient consent before sending, and protect ~/.upkuajing/.env from sharing or backups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill invokes Python scripts that use environment variables, read and write files under the user's home directory, and make network requests, but it declares no explicit permissions. This creates a transparency and consent gap: a user or runtime may not realize the skill can access credentials, persist data, or contact external services, increasing the chance of unauthorized or surprising behavior.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
The request/response logging helpers can persist full API parameters and responses to ~/.upkuajing/logs when ENABLE_API_LOGGING is enabled. In this skill context, those payloads may contain phone numbers, message content, delivery status, and potentially other customer data, creating local privacy leakage and retention risk beyond the core SMS-sending purpose.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This API reference documents bulk cross-border SMS sending and API key usage but provides no warning about message costs, recipient privacy, consent requirements, or the real-world impact of sending messages. In the context of a marketing-oriented SMS skill, that omission increases the chance of unauthorized messaging, privacy violations, and unexpected financial loss, even if the document is not directly executing harmful actions.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The function automatically writes a newly issued API key to a local .env file without an explicit pre-write consent prompt or enforcing restrictive file permissions. Storing credentials in plaintext on disk increases the risk of accidental disclosure through backups, shell tooling, misconfigured permissions, or other local processes reading the file.

Credential Access

High
Category
Privilege Escalation
Content
### **未设置API密钥**
请先检查 `~/.upkuajing/.env` 文件是否有 UPKUAJING_API_KEY;
如果未设置 UPKUAJING_API_KEY API密钥,请提示并让用户选择:
1. 用户有,由用户提供(手动添加到 ~/.upkuajing/.env 文件)
2. 用户没有,你可使用接口进行申请(`auth.py --new_key`),申请到新密钥后,会自动保存到 ~/.upkuajing/.env
等待用户选择;
Confidence
93% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
请先检查 `~/.upkuajing/.env` 文件是否有 UPKUAJING_API_KEY;
如果未设置 UPKUAJING_API_KEY API密钥,请提示并让用户选择:
1. 用户有,由用户提供(手动添加到 ~/.upkuajing/.env 文件)
2. 用户没有,你可使用接口进行申请(`auth.py --new_key`),申请到新密钥后,会自动保存到 ~/.upkuajing/.env
等待用户选择;

### **账户充值**
Confidence
90% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"envFilePath": str(env_file)
        }

    # 保存到 .env 文件
    try:
        with open(env_file, 'w', encoding='utf-8') as f:
            f.write(f"{API_KEY_ENV}={api_key}\n")
Confidence
91% confidence
Finding
.env

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.23.0
Confidence
92% confidence
Finding
httpx>=0.23.0

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/common.py:197

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/sms_send.py:25

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/sms_task_list.py:28

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
scripts/sms_task_record_list.py:30