ClawHub

Apify Runner

Security checks across malware telemetry and agentic risk

Overview

This is a real Apify scraping helper, but it can automatically run third-party scraping actors with a user token and send targets to Apify without a clear confirmation step.

Review before installing if you scrape sensitive targets or use paid Apify capacity. Prefer APIFY_TOKEN or a protected config file over --token, confirm the selected Actor, pricing model, target list, batch size, and output path before full runs, and start with probe-only or small batches.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill performs network access, reads environment variables, and can read/write files, yet it does not declare those capabilities or present permission boundaries. That creates a transparency and governance gap: callers may invoke a skill that can exfiltrate tokens, send user-supplied data to third parties, or persist scraped data locally without an explicit consent/permission model.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger description is broad enough to activate on many generic scraping or social-media requests, which increases the chance the skill is invoked without clear user intent or without narrowing the target, scope, and legality of collection. In this skill, broad activation is more concerning because execution sends data to external Apify actors and websites and can initiate scraping workflows automatically.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill does not warn users that their targets, URLs, usernames, and other scraping inputs will be transmitted to third-party Apify actors and external sites. This is a real privacy and data-handling issue because users may provide sensitive investigation targets, account identifiers, or proprietary lists without understanding they are being shared outside the local environment.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Accepting an API token via `--token` exposes secrets through shell history, process listings, job logs, and orchestration metadata. In agent or multi-user environments, this can leak long-lived Apify credentials to other local users or logging systems, enabling unauthorized API usage.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal