Apify HN Scraper

Security checks across malware telemetry and agentic risk

Overview

This is a narrow Hacker News scraping helper that uses Apify as expected, with no evidence of hidden persistence, destructive behavior, or unrelated access.

Install only if you are comfortable sending Hacker News search terms and scrape parameters to Apify using your APIFY_TOKEN, which may also consume Apify account quota. Avoid sensitive private queries and consider using a limited token.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The invocation description is overly broad and could cause the skill to activate for generic requests about tech discussions or data extraction, leading to unintended use of an external third-party service. In this context, that increases the chance that user queries are routed to Apify without clear necessity or informed consent.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The skill omits a user-facing disclosure that input will be transmitted to Apify and authenticated with an API token. This is risky because users may provide sensitive search terms or assume processing is local when their data is actually sent to a third-party service.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal