Analyze competitor strategies, content, pricing, ads, and market positioning across Google Maps, Booking.com, Facebook, Instagram, YouTube, and TikTok.
Security Analysis
High confidence
The skill is internally coherent: it legitimately needs an APIFY_TOKEN, Node, and the mcpc CLI to run Apify actors and the included code only talks to api.apify.com and writes local outputs.
The name/description (running Apify actors to gather competitor data) aligns with the requested artifacts: APIFY_TOKEN, Node, and the mcpc CLI. The included run_actor.js implements actor start, polling, and dataset download via api.apify.com — these are expected for this purpose.
SKILL.md instructs the agent to fetch actor schemas with mcpc and to run the provided run_actor.js; the JS enforces input validation (actor ID format, JSON input, output path) and limits network access to api.apify.com. Two minor issues: (1) SKILL.md examples pipe mcpc output to jq but jq is not declared in required binaries (could cause runtime failure), and (2) running arbitrary Apify actors runs third-party scraping code — the agent will execute remote actor logic (via Apify) which may scrape external sites and could have legal/ToS implications. The instructions include explicit sanitization rules, which improves safety if enforced.
Install is a Node package (@apify/mcpc) that provides the mcpc binary. Installing an npm package is expected for a CLI dependency; this is moderate-risk relative to instruction-only skills but proportionate to the function. The install uses the npm registry (no opaque download URLs or archive extraction), and the package produces the expected mcpc binary.
Only APIFY_TOKEN is required and declared as the primary credential. That is proportional: the skill must authenticate to apify.com to start actor runs and download datasets. Note: an APIFY_TOKEN grants ability to run actors and access datasets (and may incur billing), so users should supply a token with appropriate scope and monitor account usage.
The skill is not always-enabled and does not request system-wide persistence or elevated privileges. It does not modify other skills or global agent configuration. It will install an npm-provided mcpc binary (per install spec) which is normal for this functionality.
Guidance
This skill appears to do what it claims: it uses your APIFY_TOKEN to start Apify actors and download their datasets from api.apify.com. Before installing: (1) ensure you trust the npm package @apify/mcpc or review it beforehand; (2) provide an APIFY_TOKEN scoped appropriately — the token can trigger runs and incur billing, so use a least-privilege token or monitoring; (3) be aware that running third-party Apify actors causes those actors to scrape external sites (review target sites' terms of service and privacy rules, and ensure you are allowed to scrape them); (4) the SKILL.md examples use jq but jq is not declared as a required binary — you may need jq in your environment or adapt the command; (5) outputs may include PII depending on what an actor scrapes, so handle files accordingly. Overall the skill is coherent with its described purpose.
Latest Release
v1.0.1
- Switched from mcporter CLI to mcpc CLI for actor schema and metadata fetching.
- Updated required system binaries and node package to "@apify/mcpc".
- Revised prerequisite steps and command examples to use mcpc instead of mcporter.
- Updated troubleshooting steps to reference mcpc installation and errors.
Published by @protoss70 on ClawHub