Scraping

The skill description is largely coherent with its stated purpose of providing a multi-tier web scraping workflow that escalates through progressively heavier tools (WebFetch, Curl with Chrome-like headers, browser automation, then Bright Data MCP). There are no overt hardcoded secrets and the external-service-forwarding pattern is expected for a scraping pipeline. The mandatory local notification endpoint and the heavy reliance on external scraping services introduce potential privacy/telemetry and policy considerations, but do not by themselves indicate malicious intent. The overall footprint is proportionate to the stated purpose, though the local notification bite and third-party proxy dependence warrant careful access control and monitoring.

The Apify skill fragment largely aligns with its intended purpose: a file-based, code-first interface to Apify actors designed to reduce data exposure via in-code filtering. However, two notable concerns temper its security posture: (1) the mandatory curl-based local notification to http://localhost:8888/notify, which creates an unusual local network dependency and potential signaling risk, and (2) the explicit mention of collecting contact data (emails/phones) from Google Maps, which introduces privacy/compliance risk depending on usage and consent. Absent evidence of malicious activity, the overall risk is moderate, driven by governance and privacy considerations rather than malware or exfiltration indicators. Recommend clarifying consent controls, removing or safeguarding the local notification step, and implementing explicit data governance/retention policies for lead data.

This SKILL.md fragment describes a high-level routing manifest for web scraping that delegates work to Bright Data (proxy) and Apify (actors). The primary security concerns are third-party data flows and credential forwarding: using Bright Data and Apify centralizes scraped data and requires API keys / session credentials, which increases exposure and makes credential harvesting or data exfiltration realistic attack paths if the downstream services or configurations are compromised. The skill's broad scope (many social platforms) is disproportionate and increases attack surface and legal/TOS risk. No explicit malicious code is present in this fragment, but the design choices and missing details about credential handling, data retention, and sandboxing make this skill SUSPICIOUS from a supply-chain and data-exfiltration perspective. Recommend: require explicit, scoped credential handling guidance, minimize third-party forwarding where possible, document retention and access policies, and ensure the agent does not forward sensitive local files or secrets to third-party actors.