apify-ecommerce

SUSPICIOUS. The core purpose aligns with Apify e-commerce extraction and the visible runtime path uses official Node functionality and an official Apify actor, so this is not clearly malicious. However, the skill is a third-party wrapper from a personal repo, reads APIFY_TOKEN from a local env file, and the actual helper script that receives the token is not provided, leaving credential/data-flow verification incomplete. Medium risk, not confirmed malware.