Google Maps Email Extractor (Apify)

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it can run a paid third-party scraping actor that collects business and person-like contact data without a strong confirmation or privacy gate.

Install only if you are comfortable sending lead-search inputs and extracted contact data to Apify and using your APIFY_TOKEN for paid runs. Before running it, set a budget limit, scope the niche and geography tightly, and disable personal data unless you have a lawful and appropriate reason to collect it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The invocation guidance is broad enough that an agent could select this skill for generic lead-generation requests without checking whether the user intended third-party scraping or external transmission of business contact data. In practice, that can cause over-collection, policy violations, or use of a scraping actor where a less invasive method would suffice.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill does not prominently warn that user search inputs, URLs, place IDs, and extracted lead data are sent to Apify for processing. Because the skill is designed for lead generation and data enrichment, this omission materially raises privacy, compliance, and user-expectation risks when agents submit potentially sensitive or regulated business queries to a third party.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The default prompt is broad and directly instructs the agent to build and run a specific Apify actor whenever the skill is invoked, without clear eligibility checks, user confirmation, or constraints on what targets and data are appropriate. In a lead-generation/email-extraction context, this can cause unauthorized large-scale scraping or collection of personal/business contact data beyond the user's intent, increasing privacy, compliance, and misuse risk.

Natural-Language Policy Violations

Severity: Low
Confidence: 84%
Finding
The prompt hard-codes a specific execution path: use this skill, construct the payload, and run actor f3dlnXVnBc6v8JMNK with APIFY_TOKEN. This reduces agent discretion and user transparency, making it easier to trigger external data collection and token-backed third-party actions without an explicit opt-in at the moment of execution.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The contract explicitly supports collecting person-like email addresses and personal LinkedIn URLs from public websites, but it provides no privacy notice, lawful-use constraints, or data-handling safeguards. In a lead-generation skill, this increases the risk of privacy violations, non-compliant scraping of personal data, and downstream misuse such as unsolicited outreach or profiling.

VirusTotal

61/61 vendors flagged this skill as clean.