review-site-scraper

SUSPICIOUS: The skill’s purpose matches review scraping, and the required APIFY_API_TOKEN is proportionate. However, its real footprint relies on remote execution of third-party Apify actors, so data and credentials flow through hosted code not operated by the review platforms and not pinned as immutable artifacts. This is not confirmed malware, but it is a medium-risk credential-forwarding and remote supply-chain pattern.