Apify

Security checks across malware telemetry and agentic risk

Overview

The plugin’s core Apify scraping function is coherent, but it grants broad plugin-tool permission and can expose an API key and user inputs in ways users should review before installing.

Review this before installing. Use a limited Apify token if possible, avoid entering secrets or regulated data into Actor inputs, and change the generated tools.alsoAllow entry from group:plugins to the specific apify tool unless you intentionally want all plugin tools enabled. Treat scraped results as untrusted external content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The setup helper does more than merely suppress plugin-loading warnings: when `allSelected` is true it adds `group:plugins` to `cfg.tools.alsoAllow`, which broadens execution permissions to all plugin tools rather than only the Apify tool. That creates an authorization expansion in a setup flow users may reasonably believe is only enabling this plugin, increasing risk if other plugins are present or later installed.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The setup flow always sets allSelected = true, which causes applyConfigChanges() to add 'group:plugins' to tools.alsoAllow instead of only explicitly chosen tools. This broadens tool permissions beyond the apparent intent of a selective setup and can expose additional plugin capabilities to the host application, violating least privilege.

Missing User Warnings

Medium
Confidence: 89%
Finding
The README promotes broad web scraping and data extraction across many platforms but does not warn users about privacy obligations, terms-of-service restrictions, or the risks of collecting personal data from third-party sites. In an agent-integrated plugin, this omission can normalize unsafe collection behavior and lead operators to run scraping jobs without understanding legal, compliance, or data-handling consequences.

Missing User Warnings

Medium
Confidence: 85%
Finding
The start-job examples show how to launch third-party Actors with user-provided targets but do not state that those inputs are sent to external Apify Actors or that returned data originates from untrusted external sources. Because this plugin can invoke arbitrary third-party Actors, the missing warning increases the chance that users unknowingly transmit sensitive targets or collect data with unclear provenance and handling guarantees.

Missing User Warnings

Medium
Confidence: 96%
Finding
The manual configuration output prints the full API key directly to stdout, which can expose the secret through terminal scrollback, shared screens, shell logging, CI logs, or session recording tools. Because this is a long-lived credential for an external service, disclosure can enable unauthorized API use and account abuse.

Missing User Warnings

Medium
Confidence: 95%
Finding
The tool sends user-supplied actor IDs, queries, and arbitrary input directly to Apify and third-party Actors without a clear user-facing disclosure or consent boundary. This can expose sensitive prompts, URLs, identifiers, or other user data to external services and unvetted Actor authors, creating a data-leakage and third-party processing risk.

Missing User Warnings

Medium
Confidence: 94%
Finding
printManualConfig() outputs the full API key directly to stdout, which can expose the secret through terminal scrollback, shell logging, screen recording, shared sessions, or CI logs. Because this is a long-lived credential for an external service, disclosure can allow unauthorized API use and account abuse.

Missing User Warnings

Medium
Confidence: 93%
Finding
This tool is explicitly designed to discover and run arbitrary Apify Actors, which means it can transmit user-provided inputs and trigger third-party scraping/execution without any built-in consent step, allowlist, or warning at execution time. In an agent setting, that creates a real data-governance and safety risk: an upstream prompt or indirect instruction could cause sensitive URLs, queries, or identifiers to be sent to Apify or to untrusted Actors.

Missing User Warnings

Medium
Confidence: 96%
Finding
The tool wraps scraped dataset output as external content but sets includeWarning: false, suppressing a prominent warning that the returned text is untrusted. That increases the chance that downstream agents or users will treat scraped content as trusted instructions or facts, enabling prompt-injection-style attacks and unsafe decision-making based on malicious webpage content.

VirusTotal

61/61 vendors flagged this plugin as clean.