Skill Trust Decision
kuaidi-query
This skill contains critical security issues including exposed real API credentials in config.json, undeclared filesystem and network access, and a vulnerable dependency with unpinned axios version.
Most direct threat evidence
Critical Credential Theft
Hardcoded API Credentials Exposed Real Track123 API credentials are hardcoded in config.json with app_key and api_secret values. These credentials are committed to the repository and publicly visible.
config.json:2 Why this conclusion was reached
2/4 dimensions flagged Block
Declared vs actual capability
3 undeclared or violating capabilities were inferred.
Review
Hidden execution and egress
28 lower-risk artifacts were extracted and still need context.
Block
Attack chain and severe findings
The report includes 0 attack-chain steps and 3 severe findings.
Review
Dependencies and supply chain hygiene
1 dependency or supply-chain issues need attention.
What drove the risk score up
Exposed API credentials in config.json +35
Real Track123 API keys hardcoded and committed to repository
Undeclared network access +15
Makes HTTPS requests to api.track123.com without declaring network:READ
Undeclared filesystem access +10
Reads config.json and writes .cache.json without filesystem capability declaration
Unpinned dependency +8
axios uses ^1.13.6 allowing updates to potentially vulnerable versions
Most important evidence
Critical Credential Theft
Hardcoded API Credentials Exposed
Real Track123 API credentials are hardcoded in config.json with app_key and api_secret values. These credentials are committed to the repository and publicly visible.
config.json:2 Remove config.json from repository, add it to .gitignore, and use environment variables or a secrets manager for credentials
High Priv Escalation
Undeclared Network Access
The skill makes HTTPS requests to api.track123.com but SKILL.md does not declare network:READ capability in allowed-tools mapping
scripts/query.js:56 Add network:READ to allowed-tools declaration in SKILL.md metadata
High Priv Escalation
Undeclared Filesystem Access
The skill reads config.json and writes .cache.json without declaring filesystem:READ/WRITE capabilities
scripts/query.js:37 Add filesystem:READ and filesystem:WRITE to allowed-tools declaration
Medium Supply Chain
Unpinned Dependency Version
axios dependency uses ^1.13.6 which allows automatic updates to higher minor/patch versions that could contain security vulnerabilities
package.json:9 Pin axios to exact version: "axios": "1.13.6" or use a lockfile
Low Doc Mismatch
API Endpoint Mismatch
Reference docs show v2.1 API endpoints but code uses v2. Authentication method also differs (app_key in body vs Track123-Api-Secret header)
references/track123-api.md vs scripts/query.js Ensure documentation matches implementation
Declared capability vs actual capability
Network Block
Declared NONE
→ Inferred READ
scripts/query.js:56 - axios.post to api.track123.com Filesystem Block
Declared NONE
→ Inferred READ
scripts/query.js:37 - fs.readFileSync(CONFIG_PATH) Filesystem Block
Declared NONE
→ Inferred WRITE
scripts/query.js:79 - fs.writeFileSync(CACHE_PATH) Suspicious artifacts and egress
Medium External URL
https://www.track123.com/ SKILL.md:155
Medium External URL
https://registry.npmmirror.com/asynckit/-/asynckit-0.4.0.tgz package-lock.json:17
Medium External URL
https://registry.npmmirror.com/axios/-/axios-1.13.6.tgz package-lock.json:23
Medium External URL
https://registry.npmmirror.com/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz package-lock.json:34
Medium External URL
https://registry.npmmirror.com/combined-stream/-/combined-stream-1.0.8.tgz package-lock.json:47
Medium External URL
https://registry.npmmirror.com/delayed-stream/-/delayed-stream-1.0.0.tgz package-lock.json:59
Medium External URL
https://registry.npmmirror.com/dunder-proto/-/dunder-proto-1.0.1.tgz package-lock.json:68
Medium External URL
https://registry.npmmirror.com/es-define-property/-/es-define-property-1.0.1.tgz package-lock.json:82
Medium External URL
https://registry.npmmirror.com/es-errors/-/es-errors-1.3.0.tgz package-lock.json:91
Medium External URL
https://registry.npmmirror.com/es-object-atoms/-/es-object-atoms-1.1.1.tgz package-lock.json:100
Medium External URL
https://registry.npmmirror.com/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz package-lock.json:112
Medium External URL
https://registry.npmmirror.com/follow-redirects/-/follow-redirects-1.15.11.tgz package-lock.json:127
Dependencies and supply chain
| Package | Version | Source | Known vuln | Notes |
|---|---|---|---|---|
| axios | ^1.13.6 | npm | No | Version not pinned, uses caret range allowing updates |
File composition
9 files · 1670 lines
Markdown 3 files · 820 linesJavaScript 1 files · 525 linesJSON 5 files · 325 lines
Files of concern · 6
config.json Hardcoded API Credentials Exposed
scripts/query.js Undeclared Network Access · Undeclared Filesystem Access · https://api.track123.com/gateway/open-api/tk/v2
package-lock.json https://registry.npmmirror.com/asynckit/-/asynckit-0.4.0.tgz · https://registry.npmmirror.com/axios/-/axios-1.13.6.tgz · https://registry.npmmirror.com/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz · https://registry.npmmirror.com/combined-stream/-/combined-stream-1.0.8.tgz · https://registry.npmmirror.com/delayed-stream/-/delayed-stream-1.0.0.tgz · https://registry.npmmirror.com/dunder-proto/-/dunder-proto-1.0.1.tgz · https://registry.npmmirror.com/es-define-property/-/es-define-property-1.0.1.tgz · https://registry.npmmirror.com/es-errors/-/es-errors-1.3.0.tgz · https://registry.npmmirror.com/es-object-atoms/-/es-object-atoms-1.1.1.tgz · https://registry.npmmirror.com/es-set-tostringtag/-/es-set-tostringtag-2.1.0.tgz · https://registry.npmmirror.com/follow-redirects/-/follow-redirects-1.15.11.tgz · https://registry.npmmirror.com/form-data/-/form-data-4.0.5.tgz · https://registry.npmmirror.com/function-bind/-/function-bind-1.1.2.tgz · https://registry.npmmirror.com/get-intrinsic/-/get-intrinsic-1.3.0.tgz · https://registry.npmmirror.com/get-proto/-/get-proto-1.0.1.tgz · https://registry.npmmirror.com/gopd/-/gopd-1.2.0.tgz · https://registry.npmmirror.com/has-symbols/-/has-symbols-1.1.0.tgz · https://registry.npmmirror.com/has-tostringtag/-/has-tostringtag-1.0.2.tgz · https://registry.npmmirror.com/hasown/-/hasown-2.0.2.tgz · https://registry.npmmirror.com/math-intrinsics/-/math-intrinsics-1.1.0.tgz · https://registry.npmmirror.com/mime-db/-/mime-db-1.52.0.tgz · https://registry.npmmirror.com/mime-types/-/mime-types-2.1.35.tgz · https://registry.npmmirror.com/proxy-from-env/-/proxy-from-env-1.1.0.tgz
references/track123-api.md https://api.track123.com/gateway/open-api/tk/v2.1 · https://api.track123.com/gateway/open-api/tk/v2.1/track/query-realtime · https://docs.track123.com/
SKILL.md https://www.track123.com/
package.json Unpinned Dependency Version
Other files · examples.md · _meta.json · config.example.json
Security positives
Skill implements basic security practices like input validation for carrier codes
API credentials are validated before use with error messages
Caching mechanism uses timestamps to prevent stale data
No reverse shell, C2 communication, or obvious malicious behavior detected
Uses standard axios library instead of custom network code