Back to skill

Security audit

Apify Ultimate Scraper

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Apify scraping helper, but it can run broad third-party scrapers with the user's Apify token and gives weak warnings around contact and personal-data collection.

Install only if you are comfortable letting an agent run Apify Actors with your APIFY_TOKEN. Before each run, confirm the exact Actor, whether it came from the curated list or store search, expected cost, permission level, target site rules, result limits, and whether results may include emails, phone numbers, comments, followers, or other personal data. Handle exported CSV/JSON files as sensitive when they contain contact or profile information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The skill is presented as a scraper for a defined set of platforms, but it explicitly supports searching the broader Apify Store and executing arbitrary Actors. That turns the skill into a general remote job orchestrator using the user's APIFY_TOKEN, which materially expands capability and risk beyond what the description suggests.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The documented fallback to search the Apify Store allows the agent to discover and invoke Actors outside the listed platforms and use cases. In context, this weakens user consent and reviewability because the skill can pivot from a curated scraper into a generic third-party Actor launcher.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill promotes contact extraction, email discovery, and export workflows while understating privacy and data-handling risks. In practice this can facilitate collection and local export of personal/contact data from public sources without adequate user warning, retention guidance, or consent checks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.