Google Maps Scraper Apify

Security checks across malware telemetry and agentic risk

Overview

This skill coherently runs an Apify Google Maps scraper, but users should treat contact and review scraping as privacy-sensitive.

Install only if you are comfortable giving the skill an Apify token and sending requested Google Maps scraping jobs to Apify. Use small limits and budget caps, avoid collecting reviewer profile data unless you have a clear lawful need, and handle emails, phone numbers, social links, reviews, and image-author data according to applicable privacy, platform, retention, and anti-spam rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 90%
Finding
The README explicitly promotes optional website contact enrichment and reviewer personal data collection, but only provides a brief caution rather than clear privacy, legal, and data-handling guidance. In a scraping skill, this can lead users or downstream agents to collect, process, or store personal data without adequate notice, minimization, or compliance controls, increasing privacy and misuse risk.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill promotes collection of business website contact details, social links, and optional reviewer-related personal data, but does not provide an explicit user-facing warning that personally identifying or contact data may be gathered and returned. This is dangerous because users may invoke enrichment or review features without informed consent, creating privacy, compliance, and data handling risks.

Missing User Warnings

Medium
Confidence: 87%
Finding
The guide explicitly enables scraping company contacts and lists output fields such as emails, phones, and social profiles, but provides no privacy, consent, or legal-compliance guidance. In a lead-generation context, this can facilitate bulk collection and downstream misuse of personal or quasi-personal contact data without guardrails, making the documentation materially risky even though it is not overtly malicious.

Missing User Warnings

Medium
Confidence: 85%
Finding
The guide documents options to collect reviews, review metadata, images, and image-author data, all of which may include personal data or user-generated content, but omits any warning about privacy sensitivity or retention/use constraints. Because this skill is specifically for large-scale Google Maps scraping via an Apify actor, the context increases the risk of bulk harvesting and profiling of individuals or contributors.

VirusTotal

65/65 vendors flagged this skill as clean.
