v1.0.0

Apify Runner

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 6:33 AM.

Analysis

The skill is transparent about using Apify, but it can automatically select and run arbitrary Apify actors with the user's token, which can affect account usage, costs, and scraping scope.

Guidance: Review this skill before installing. If you use it, provide a dedicated Apify token, confirm the actor and scrape size before full runs, set item and cost limits, and be cautious with actors or documentation from unfamiliar third parties.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Pick the top-ranked candidate... Step 6: Full Execution ... --batch-size 50 ... --probe

The instructions allow the agent to select an Apify actor and proceed to full batched execution. This is purpose-aligned, but there is no explicit final approval, total item cap, or cost guard before launching remote actor runs.

User impact: The agent could start paid or high-volume Apify runs under the user's account, potentially scraping more data or spending more credits than intended.
Recommendation: Require user confirmation of the actor ID, input, maximum items, and expected cost before full execution; default to probe-only for unfamiliar actors.

Agent Goal Hijack
Severity: Medium | Confidence: Medium | Status: Concern
SKILL.md
web_fetch https://apify.com/{actor_id}.md ... Read the input schema section ... Sensible defaults from the documentation

The workflow relies on externally fetched actor documentation to shape the run input. Actor documentation can contain untrusted text, and the artifact does not tell the agent to treat non-schema instructions as untrusted.

User impact: A malicious or compromised actor page could influence the agent's choices, inputs, or behavior while the agent is preparing a run with the user's token.
Recommendation: Only extract structured schema fields from fetched documentation, ignore instructions outside the schema, and ask the user to confirm any defaults derived from actor docs.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
`APIFY_TOKEN` env var, or a `config.json` with tokens ... `--token` flag ... `config.json` tokens map ... `APIFY_TOKEN` env var

The skill clearly uses an Apify credential, which is expected for this integration, but the registry metadata does not declare a primary credential or required environment variable.

User impact: Installing users may not see the credential requirement from metadata alone, and the token can authorize actor runs and dataset access in the user's Apify account.
Recommendation: Use a least-privilege or dedicated Apify token, avoid pasting tokens into chat where possible, and declare the credential requirement in registry metadata.