ClawHub

Google Maps Extractor Apify

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Apify-based Google Maps extractor with optional public contact enrichment and no hidden local persistence or destructive behavior.

Install this only if you are comfortable sending Google Maps search inputs and URLs to Apify using your APIFY_TOKEN. Use budget limits, keep runs scoped, collect only fields needed, and make sure any contact enrichment complies with privacy, anti-spam, and data protection rules that apply to your use case.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill promotes collecting emails, phone numbers, and social links from business websites but does not warn about privacy, consent, retention, or downstream compliance obligations. Even if the data is publicly accessible, bulk collection and enrichment of contact information can create privacy, regulatory, and misuse risks, especially when used for lead generation or CRM enrichment.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The manifest’s default prompt instructs the agent to run an external Apify actor using APIFY_TOKEN, but it provides no user-facing disclosure that external network calls will occur or that a credential will be used on the user’s behalf. This can lead to unintended third-party data transfer, surprise credential use, and reduced ability for users or reviewers to assess the privacy and security implications of invoking the skill.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal