Apify Competitor Intelligence

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Apify integration for running competitor-research scrapers with a user-provided Apify token and optional local exports.

Install only if you intend to use Apify for competitor scraping. Confirm the actor, input JSON, result limits, and export filename before running; use an Apify token with appropriate scope; monitor Apify costs and long-running jobs; and handle exported public or contact data according to platform terms, privacy law, and your organization’s retention rules.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill requires and uses sensitive capabilities beyond a simple declarative analysis workflow: it consumes an environment secret (APIFY_TOKEN) and makes outbound network calls, yet there is no explicit permission model surfaced to the user. That weakens transparency and reviewability, and can cause users to authorize a skill without understanding it can invoke remote actors and transfer user-supplied data off-host.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 95% confidence
Finding: The skill is presented as a bounded competitor-intelligence workflow, but the instructions allow running arbitrary Apify actors chosen via an ACTOR_ID parameter. That broadens behavior substantially: the skill can execute remote third-party automation with differing permissions and data handling, which is far more powerful than the user-facing description suggests.

Intent-Code Divergence

Medium

Confidence: 88% confidence
Finding: The security/privacy section makes reassuring claims that the script only talks to api.apify.com and does not access unrelated files or environment variables, but the skill also invokes external tools, accepts dynamic actor selection, and writes local output files. Overstated safety claims are dangerous because they can mislead users and reviewers into underestimating data exposure, storage, and remote-execution risks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal