Google Maps B2B Lead Goldmine

This skill appears to do what it says (use Apify to scrape Google Maps and enrich leads), but there are two practical issues to weigh before installing/using it: - Missing credential declaration: The registry metadata lists no required env vars, yet SKILL.md requires you to export an APIFY_TOKEN and hints at using Claude AI. Treat that as a red flag — ask the publisher to update metadata so you know exactly what secrets you'll need to provide. - Privacy, legality and terms-of-service: Scraping Google Maps and extracting contact details and emails can violate Google/website terms of service and may involve personal data. Confirm you have the right to collect and use this data, and check Apify and Google terms and any regional privacy rules (e.g., GDPR). - Operational safety: The README recommends installing npm packages and invoking third-party Apify actors. Only install dependencies you trust, verify the actor IDs/owners (e.g., 'compass~crawler-google-places' vs 'apify/website-content-crawler') to ensure you are calling legitimate actors, and monitor billing/usage on your Apify account. - Mitigations: Use a dedicated Apify account and a token with limited permissions; do not reuse high-value credentials. Ask the skill author for an explicit list of required env vars and any external endpoints the skill will contact (including where personalization via 'Claude AI' runs and what credentials it needs). If the author cannot or does not provide clear metadata and source, treat the skill as higher risk and avoid providing long-lived or privileged secrets.