ClawHub

UpKuaJing contact validity check, verify phone numbers, email addresses, and domains for B2B lead qualification. UpKuaJing helps sales teams, recruiters, and traders validate contact data, reduce bounced emails, and improve outreach efficiency — essential for CRM data cleaning, candidate screening, and supplier verification.

Security checks across malware telemetry and agentic risk

Overview

This is a paid UpKuaJing contact-validation API client with disclosed credential, account, and top-up helper behavior that users should understand before use.

Install only if you are comfortable sending contact data to UpKuaJing and using a paid API. Protect ~/.upkuajing/.env because it may contain your API key, confirm fees before validation or top-up actions, and be aware the skill performs a limited daily version-check request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (13)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The documentation expands the operational scope from contact validation into billing, account information, and purchase workflows. In skill-based agent systems, scope creep is security-relevant because it increases the chance that a user invokes sensitive financial or account actions under the guise of a routine validation request.

Context-Inappropriate Capability

High
Confidence
95% confidence
Finding
Creating recharge orders and guiding users through payment is unrelated to validating contact information and introduces financial-action capability into a low-risk looking skill. This makes the context more dangerous because users may not expect a validation tool to trigger payment workflows, increasing the risk of unauthorized or socially engineered purchases.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
This file implements API key provisioning, account lookup, recharge-order creation, and pricing queries, which materially exceeds the stated purpose of a contact-info validity checker. In a skill ecosystem, this kind of scope expansion is dangerous because it introduces credential and billing operations that users may not expect, increasing the chance of unauthorized account changes or misuse.

Context-Inappropriate Capability

High
Confidence
94% confidence
Finding
The account-information, recharge, and pricing functions are unrelated to validating contact information and add financial/account-management capabilities to a narrowly described skill. This broadens the attack surface and can enable unexpected account enumeration, billing actions, or abuse under the guise of a benign validation tool.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The file introduces automatic update-check behavior that is outside the stated purpose of validating contact information. Even though the code only checks version metadata, it adds undeclared network activity and stderr notifications, expanding the skill's behavior and trust boundary in a way users would not expect from a contact-validation utility.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
This code performs an outbound HTTP request to a remote API during normal skill operation, despite that capability being unrelated to contact validation. The request leaks the installed skill name and creates a dependency on external infrastructure, which can enable tracking, unexpected network egress, and operational risk if the endpoint is compromised or abused.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script writes a newly provisioned API key to a local .env file as a side effect, without prior explicit warning or secure-storage controls. Storing credentials in plaintext on disk can expose them to other local users, backups, logs, or accidental disclosure, especially in shared or poorly permissioned environments.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends user-supplied email addresses to a remote validation API via make_request('/validation/email', params) without any disclosure in this file that the data will leave the local environment. Email addresses are personal or business contact data, so silent transmission can create privacy, compliance, and user-consent issues, especially when the operator may assume this is a local-only validation step.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends user-supplied phone numbers to an external API endpoint via make_request('/validation/phone', params) without any visible notice, consent flow, or minimization in this file. Phone numbers are personal data, so silent transmission to a remote service can create privacy, compliance, and trust risks, especially if users believe validation is local.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill automatically transmits the skill name to an external service without any user-facing disclosure or consent. In the context of a contact-validation skill, this hidden telemetry is more concerning because users would reasonably expect validation logic, not background reporting about installed components.

Credential Access

High
Category
Privilege Escalation
Content
env_file = UPKUAJING_ENV_FILE

    if env_file.exists():
        # 读取现有的 .env 文件
        try:
            with open(env_file, 'r', encoding='utf-8') as f:
                content = f.read()
Confidence
84% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
"envFilePath": str(env_file)
        }

    # 保存到 .env 文件
    try:
        with open(env_file, 'w', encoding='utf-8') as f:
            f.write(f"{API_KEY_ENV}={api_key}\n")
Confidence
92% confidence
Finding
.env

Unpinned Dependencies

Low
Category
Supply Chain
Content
httpx>=0.23.0
Confidence
94% confidence
Finding
httpx>=0.23.0

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal