ClawHub

UpKuaJing map merchants search, discover local businesses, retail stores, and verified sellers via global map data. UpKuaJing helps field sales, distributors, and brand teams find geo-targeted merchants, analyze regional markets, and generate offline-to-online (O2O) leads — perfect for territory expansion, agent sourcing, and competitor location intelligence.

Security checks across malware telemetry and agentic risk

Overview

This is a paid UpKuaJing merchant-search integration with disclosed credential, billing, API, and local result-storage behavior, and no evidence of deception or destructive actions.

Install only if you trust UpKuaJing with your API key and merchant-search queries. Treat searches as billable, require explicit confirmation before large queries, protect or rotate the API key stored in ~/.upkuajing/.env, and periodically clean up local task_data result files if they contain sensitive business leads.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill declares no permissions while its documented behavior requires environment-variable access, reading and writing files under the user's home directory, and making network calls. This mismatch weakens user consent and platform enforcement because an operator may approve a seemingly harmless search skill without realizing it can access credentials, persist data locally, and contact multiple remote endpoints.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill is presented as a merchant search tool, but the documentation shows materially broader behavior: reading and storing API keys, checking balances, creating payment orders, querying prices, caching version data, and persisting task metadata/results locally. That behavioral expansion increases the attack surface and can lead users to authorize billing, credential handling, and data persistence they did not expect from the stated purpose.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script persists merchant search results, including potentially sensitive business contact and location data, to task result files without any consent prompt, retention controls, or indication of access restrictions. In a skill explicitly designed for large-scale merchant discovery and retrieval, silent persistence increases the risk of unintended data retention, secondary use, and exposure if task files are accessible to other users, logs, or downstream systems.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The version check transmits the skill name to a remote API without any visible user notice or consent. While the data sent is minimal, undisclosed outbound telemetry is a privacy and transparency issue, especially in a skill whose stated purpose is merchant-map search and does not imply background version reporting.

Credential Access

High
Category
Privilege Escalation
Content
"envFilePath": str(env_file)
        }

    # 保存到 .env 文件
    try:
        with open(env_file, 'w', encoding='utf-8') as f:
            f.write(f"{API_KEY_ENV}={api_key}\n")
Confidence
88% confidence
Finding
.env

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal