Skills
skills/openclaw/skills/apify-lead-generation/Gen Agent Trust Hub

apify-lead-generation

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The skill uses grep and xargs to read APIFY_TOKEN from a .env file, which is a sensitive credential store.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the user to install the @apify/mcpc package globally, introducing an unverified external dependency.
  • COMMAND_EXECUTION (MEDIUM): The skill executes shell commands (node, mcpc) with dynamic parameters like ACTOR_ID and JSON_INPUT, creating a risk for command injection.
  • PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection from scraped web data. Evidence: 1. Ingestion points: Scraped data from various platforms in Step 4 and 5. 2. Boundary markers: Absent. 3. Capability inventory: Shell execution (node, mcpc). 4. Sanitization: Absent.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 20, 2026, 12:21 AM