v1.0.6

UpKuaJing Customs Trade Company Search

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:21 AM.

Analysis

This skill appears purpose-aligned for paid UpKuaJing trade-data searches, but users should be careful because it uses an API key, can spend API balance, creates top-up orders, and stores some results locally.

Guidance: This looks like a legitimate paid API integration rather than malicious behavior. Before installing, verify you trust the UpKuaJing account/API key handling, confirm costs before any search or contact lookup, use a dedicated API key if possible, and periodically clean up local task data if the results are sensitive.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
**All API calls incur fees** ... **Any operation that incurs fees must first inform and wait for explicit user confirmation. Do not execute in the same message as the notification.**

The skill clearly discloses that API calls cost money and includes a confirmation rule. This is purpose-aligned, but fee-incurring tool use deserves user attention.

User impact: Searches, contact lookups, and detail enrichment can spend the user's UpKuaJing API balance if run.
Recommendation: Before approving a run, check the requested query_count, number of company IDs, and expected fee count.
Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
scripts/auth.py
def new_rec_order() -> dict:
    """
    Create a top-up (recharge) order and return the payment URL.
    """
    response = make_request('/auth/pay/url', {})

The auth helper can create a top-up order and return a payment URL. It does not show automatic payment, but it is still account/finance-adjacent behavior.

User impact: The agent may generate a recharge/payment link for the user to open and pay manually.
Recommendation: Only use the payment link if you intended to top up, and verify the URL and amount before paying.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
requirements.txt
httpx>=0.23.0

The dependency is specified with a lower-bound version rather than an exact pinned version, so a future package version may be installed.

User impact: Installing dependencies later could pull a newer httpx release than the one the author tested.
Recommendation: Install in a virtual environment and consider pinning or reviewing dependency versions in controlled environments.
Agentic Supply Chain Vulnerabilities
Severity: Info | Confidence: High | Status: Note
scripts/version_check.py
升级命令: clawhub update {skill_name}

The skill performs a version check and prints an update command, but the artifacts do not show automatic update execution.

User impact: The user may see upgrade prompts during API use.
Recommendation: Review updates before running any update command.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
SKILL.md
This skill requires an API key. The API key is stored in the `~/.upkuajing/.env` file

The skill uses a persistent credential for the user's UpKuaJing account, which is expected for this API integration but gives the agent access to paid account functionality.

User impact: Anyone using the skill should understand that the agent can use the UpKuaJing API key to access account-backed API services.
Recommendation: Use a dedicated API key where possible, keep it private, monitor API usage, and remove or rotate the key if you stop using the skill.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: Medium | Status: Note
scripts/common.py
TASK_DATA_DIR = os.path.join(SKILL_BASE_DIR, 'task_data')

Search scripts use task IDs and append result data for resumable searches, so trade/company search results and task metadata may persist locally.

User impact: Search results, cursors, and query metadata may remain on disk after the task completes.
Recommendation: Review or delete the skill's task_data directory if the search results are sensitive or no longer needed.