Website Phone Number Finder (Apify)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Apify-based public website contact finder, but users should be careful with its default personal-data and third-party crawling settings.

Install only if you intend to send target domains or URLs to Apify for public contact extraction. Use --budget-usd to control spend, set includePersonalData=false or pass --no-personal-data unless personal LinkedIn/profile-like data is truly needed, and enable email extraction only when you have a lawful and policy-compliant reason to collect it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The sample input explicitly sets `includePersonalData` to true, which expands collection beyond the described business phone-number use case into potentially identifying information. In a contact-discovery scraping skill, this increases privacy, compliance, and misuse risk because users may copy the sample configuration directly and collect personal data without a clear business necessity or lawful basis.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill enables collection of personal data via the includePersonalData option, and that option is defaulted to true during payload normalization. That exceeds the stated skill purpose of finding public business phone numbers and related public business contacts, creating a data-minimization and privacy risk if operators unknowingly collect personal contact details.

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The quick-domains path exposes a personal-data extraction capability through the includePersonalData field, again defaulting to enabled unless the caller passes --no-personal-data. In the context of a skill advertised for public business phone numbers, this creates a mismatch between user expectations and actual collection behavior.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill description and workflow normalize optional collection of emails, social profiles, and personal-profile data, but they do not present a clear user-facing warning about privacy implications or when personal data may be gathered. In a lead-enrichment context, this can cause users or downstream agents to collect and process personal data without informed consent, creating compliance and misuse risk even if the data is publicly visible.

Vague Triggers

Medium
Confidence: 85%
Finding
The default prompt is broad enough to trigger the skill whenever a user mentions finding phone numbers, but it does not constrain when Apify should be used, what inputs are allowed, or whether external crawling is appropriate. This can cause the agent to invoke a third-party actor on arbitrary URLs without clear user confirmation, increasing the risk of unnecessary external data sharing, unexpected network actions, and misuse of the skill outside its intended scope.

Natural-Language Policy Violations

Low
Confidence: 91%
Finding
The prompt explicitly instructs the agent to run a specific Apify actor using APIFY_TOKEN, but it provides no user-consent, policy, or safety conditions for using that credentialed third-party service. This can lead to automatic transmission of user-supplied targets to an external platform and consumption of privileged resources without transparency or opt-in, which is risky even if the underlying task is legitimate.

Missing User Warnings

Medium
Confidence: 87%
Finding
The contract explicitly supports extracting emails, social profiles, and even personal LinkedIn URLs and person-like emails, but it provides no privacy, consent, or permitted-use warning to the user. In a lead-generation/contact-enrichment context, this increases the risk of collecting and processing personal data in ways that may violate privacy expectations, platform terms, or regulatory requirements.

VirusTotal

62/62 vendors flagged this skill as clean.
