Trust Assessment
apify-lead-generation received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings: Command Injection via ACTOR_ID in mcpc call; Command Injection via user-controlled arguments in node script execution; and APIFY_TOKEN exposed to shell environment.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| HIGH | Command Injection via ACTOR_ID in mcpc call | The skill constructs a shell command where the `ACTOR_ID` is directly interpolated into the command string without apparent sanitization. If `ACTOR_ID` contains shell metacharacters (e.g., backticks, semicolons, `$(...)`), an attacker could inject arbitrary shell commands, leading to remote code execution. The `APIFY_TOKEN` is also loaded into the environment for this command, increasing the impact of a successful injection. The `ACTOR_ID` must be strictly validated and sanitized to ensure it only contains allowed characters (e.g., alphanumeric, slashes, hyphens) before being interpolated into the shell command. Alternatively, use a programmatic API call to `mcpc` or its underlying library, ensuring parameters are passed as distinct arguments rather than concatenated into a shell string. | LLM | SKILL.md:59 |
| HIGH | Command Injection via user-controlled arguments in node script execution | The skill constructs shell commands to execute a Node.js script (`run_actor.js`). User-controlled inputs like `ACTOR_ID`, `JSON_INPUT`, and `OUTPUT_FILE` are directly interpolated into these shell commands. While `JSON_INPUT` is single-quoted, an attacker could potentially craft input that breaks out of these quotes or uses other shell injection techniques. `ACTOR_ID` and `OUTPUT_FILE` are double-quoted, but still vulnerable if they contain crafted input like `"; rm -rf /; echo "`. This could lead to arbitrary command execution or arbitrary file writes (e.g., path traversal in `OUTPUT_FILE`). All user-controlled inputs (`ACTOR_ID`, `JSON_INPUT`, `OUTPUT_FILE`) must be strictly validated and sanitized before being passed to the shell command. For `OUTPUT_FILE`, ensure it's a safe filename and path, preventing path traversal. Ideally, the `run_actor.js` script should be designed to accept these parameters directly from the calling environment (e.g., via process arguments or environment variables) and handle them securely internally, rather than relying on shell-level quoting for security. If shell execution is unavoidable, use a library that safely escapes arguments for the target shell. | LLM | SKILL.md:79 |
| MEDIUM | APIFY_TOKEN exposed to shell environment | The skill explicitly instructs to load the `APIFY_TOKEN` from a `.env` file and export it into the shell environment using `export $(grep APIFY_TOKEN .env \| xargs)`. While this is a common pattern, it exposes the token as an environment variable to the current shell process and any child processes. In combination with potential command injection vulnerabilities, this significantly increases the risk, as an injected command could easily access and exfiltrate the `APIFY_TOKEN`. Even without injection, if the environment is compromised, the token is readily available. Avoid directly exporting sensitive credentials into the shell environment. Instead, pass credentials directly to the `mcpc` tool via a secure method (e.g., a dedicated `--token` argument if available, or a configuration file with restricted permissions). For the `node` script, `--env-file=.env` is a more secure approach as it loads variables directly into the Node.js process without exposing them broadly to the shell environment. | LLM | SKILL.md:59 |