Security audit

UpKuaJing SMS messaging tool, send bulk SMS and monitor delivery reports with instant task tracking. UpKuaJing helps marketers, sales teams, and operations reach customers globally, track SMS campaigns, and drive conversions — perfect for promotions, notifications, two-factor authentication, and client outreach.

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed paid SMS provider skill; it handles sensitive SMS, contact, credential, and billing data, but the artifacts do not show deception or unrelated access.

Install only if you trust UpKuaJing with recipient phone numbers, SMS message bodies, delivery records, billing activity, and the UPKUAJING_API_KEY. Prefer setting the API key through your environment or a managed secrets store instead of plaintext ~/.upkuajing/.env, review any SMS send or top-up prompt carefully, and expect normal use to contact openapi.upkuajing.com and keep a small local version cache.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares no permissions while its documented behavior requires environment access, reading and writing files under ~/.upkuajing/.env, and making network requests. This under-declaration weakens user trust and reviewability because consumers cannot accurately assess what the skill is capable of before running it.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill is presented as an SMS send/query tool, but the documented workflow also covers account creation, credential storage, account info retrieval, payment order creation, and remote version checks. That mismatch expands the operational and financial attack surface beyond user expectations, increasing the chance of unauthorized account changes, credential handling, or payment-related actions.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The helper sends arbitrary caller-supplied parameters to a remote API endpoint without any built-in disclosure, confirmation, or data-minimization guardrails. In an agent skill context, this can cause users or higher-level tooling to unintentionally transmit phone numbers, message content, task metadata, or other sensitive business data off-host to the vendor service.

Credential Access

High
Category
Privilege Escalation
Content
### **API Key Not Set**
First check if the `~/.upkuajing/.env` file has UPKUAJING_API_KEY;
If UPKUAJING_API_KEY is not set, prompt the user to choose:
1. User has one: User provides it (manually add to ~/.upkuajing/.env file)
2. User doesn't have one: You can apply using the API (`auth.py --new_key`), the new key will be automatically saved to ~/.upkuajing/.env
Wait for user selection;
Confidence
89% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
First check if the `~/.upkuajing/.env` file has UPKUAJING_API_KEY;
If UPKUAJING_API_KEY is not set, prompt the user to choose:
1. User has one: User provides it (manually add to ~/.upkuajing/.env file)
2. User doesn't have one: You can apply using the API (`auth.py --new_key`), the new key will be automatically saved to ~/.upkuajing/.env
Wait for user selection;

### **Account Top-up**
Confidence
90% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"envFilePath": str(env_file)
        }

    # Save to the .env file
    try:
        with open(env_file, 'w', encoding='utf-8') as f:
            f.write(f"{API_KEY_ENV}={api_key}\n")
Confidence
85% confidence
Finding
.env

VirusTotal

67/67 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.