apify-ecommerce
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: SKILL.md provides commands for the agent to run the run_actor.js script using Node.js. This script is used to initiate and manage scraping actors on the Apify platform.
- [EXTERNAL_DOWNLOADS]: The run_actor.js script performs network requests to api.apify.com using the fetch API. These requests are used to start scraping jobs and download the resulting datasets. These operations are restricted to the official service provider's domain.
- [CREDENTIALS_UNSAFE]: The skill utilizes an APIFY_TOKEN stored in environment variables or a .env file. This token is appended to API URLs as a query parameter during transmission to the Apify platform. While this is the standard pattern for this API, users should be aware that the token is transmitted in the URL.
- [DATA_EXFILTRATION]: User-provided search terms and configuration are sent to api.apify.com as part of the scraping request. The skill's primary function is to collect and export e-commerce data, which is then saved to local JSON or CSV files as specified by the user.
Audit Metadata