@apify/kilocode-plugin gives Kilo Code agents one native tool — apify — that can run any of Apify's 20,000+ web-scraping and automation Actors and bring the results back into the conversation. Scrape Google Maps, Instagram, Amazon, TikTok, search the web, crawl a site, or invoke any Actor by slug — without a tool-per-site explosion.
Community integration. "Apify for Kilo" is built and maintained by Apify and is not officially affiliated with Kilo.
Add a single line to your kilo.jsonc:
Then set your token (get one at console.apify.com/account/integrations):
export APIFY_TOKEN="apify_api_..."Or install via the CLI, which patches your config for you:
kilo plugin @apify/kilocode-pluginThe plugin resolves the token in this order:
- Kilo auth UI — the plugin registers an "Apify API Token" auth method, so you can enter the key through Kilo's native auth flow.
- Config —
{ "token": "..." }(or{ "apiKey": "..." }) in thekilo.jsoncplugin entry. - Environment —
APIFY_API_KEYorAPIFY_TOKEN.
If no token is found, the plugin registers no tool (the agent never sees a tool that would fail).
One tool, three actions. The agent composes them:
| Action | What it does |
|---|---|
discover |
Search the Apify Store (query), or fetch an Actor's input schema + README (actorId). |
start |
Launch an Actor run with a JSON input; returns run references immediately (non-blocking). |
collect |
Poll the runs; return finished datasets, mark the rest pending, surface failures. |
Typical flow: discover (search) → discover (schema) → start → collect (repeat collect while allDone is false).
// 1. Learn the Actor's inputs
{ "action": "discover", "actorId": "compass~crawler-google-places" }
// 2. Launch a run (batch many targets into ONE run when possible)
{ "action": "start",
"actorId": "compass~crawler-google-places",
"input": { "searchStringsArray": ["coffee shop Prague"], "maxCrawledPlacesPerSearch": 3 },
"label": "prague-coffee" }
// 3. Collect — repeat until allDone: true
{ "action": "collect",
"runs": [{ "runId": "…", "actorId": "compass~crawler-google-places", "datasetId": "…", "label": "prague-coffee" }] }Slugs use a tilde: username~actor-name (e.g. apify~google-search-scraper), never a slash.
- Prompt-injection defense. Scraped data is wrapped in
<<<EXTERNAL_UNTRUSTED_CONTENT>>>markers (with the boundary markers sanitized out of the body) so a host that respects them won't treat scraped text as instructions. - Result-size cap. Dataset output is truncated to 50,000 characters to protect the context window.
- SSRF guard.
baseUrlmust start withhttps://api.apify.com. - Secret hygiene. Tokens are newline-stripped before use and never echoed in tool output.
| Field | Purpose |
|---|---|
token / apiKey |
Apify API token. Falls back to APIFY_API_KEY / APIFY_TOKEN. |
enabled |
Force on/off. When unset, the plugin enables itself iff a token is present. |
baseUrl |
Override the Apify API origin. Must start with https://api.apify.com. |
maxResults |
Default result cap (forward-looking; currently informational). |
enabledTools |
Subset of tools to register (only apify exists today). |
npm install
npm run build # tsc → dist/
npm run typecheck
npm test # vitest, mocked apify-clientSee CLAUDE.md for architecture notes and local end-to-end testing against a Kilo checkout.
Apache-2.0 © Apify
{ "plugin": [ ["@apify/kilocode-plugin", { "token": "{env:APIFY_TOKEN}" }] ] }