Apify Threads Scraper

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Threads scraping skill that coherently uses Apify, with privacy and token-handling cautions but no evidence of hidden or malicious behavior.

Before installing, confirm you are comfortable sending Threads usernames, keywords, and scraped results to Apify and using the named third-party actor. Use a dedicated Apify token if possible, keep it out of shared logs, start with small max_posts values, and handle any scraped emails, phone numbers, or profile data according to applicable privacy and platform rules.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill sends user-supplied search terms, usernames, and scraped Threads content to Apify and then prints returned data to the local console, but it does not warn the user that third-party processing and local exposure will occur. This creates a real transparency and privacy risk because operators may unknowingly transmit sensitive targets, monitoring subjects, or scraped content to an external service and expose results in logs or terminals.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal