apify-actor-development
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements excellent security practices for credential management. It explicitly warns against passing tokens via command-line arguments and recommends using environment variables or interactive OAuth login instead.
- [SAFE]: Includes a dedicated security section instructing developers to treat all crawled web content as untrusted input. It provides specific rules for sanitization and validation to prevent injection attacks and code execution from scraped data.
- [SAFE]: All external URLs and package references point to official vendor resources (Apify, Crawlee) or well-known standard libraries (Express, FastAPI, Uvicorn). There are no suspicious third-party dependencies or unknown domains.
- [SAFE]: Explicitly warns against insecure installation methods like piping remote scripts to a shell (curl | bash), directing users toward integrity-checked package managers instead.
- [SAFE]: Recommends the use of the
apify/logpackage which includes built-in security logic to censor sensitive data like API keys and tokens from application logs.
Audit Metadata