ClawHub

Apollo Client

v2.0.3

Reference tool for devtools — covers intro, quickstart, patterns and more. Quick lookup for Apollo Client concepts, best practices, and implementation patterns.

0· 111·0 current·0 all-time
byBytesAgain2@ckchzh
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name and description (Apollo Client reference) match the provided artifacts: SKILL.md and scripts/script.sh produce local reference documentation for listed commands. There are no unrelated required binaries, env vars, or config paths. Minor note: the package/registry versions differ across files (registry 2.0.3, SKILL.md 2.0.2, script VERSION=2.0.1), which is inconsistent but not a security risk by itself.
Instruction Scope
SKILL.md states all commands output plain-text via heredoc with no external API calls; the included script implements exactly that (various cmd_* functions that print docs). Minor inconsistency: the quickstart text in the script mentions "Required tools and access credentials," which is misleading because neither SKILL.md nor the script require or use credentials or network access.
Install Mechanism
There is no install spec (instruction-only skill). A single bash script is included but nothing is downloaded or extracted during install. Lowest-risk install profile.
Credentials
The skill declares no required environment variables and the script does not read or require any credentials, secrets, or config files. No disproportionate access to environment or secrets is requested.
Persistence & Privilege
always is false (not force-included) and the skill does not modify agent/system configuration or request persistent presence. Autonomous invocation is allowed by default but the skill's actions are local and read-only (printing docs).
Assessment
This skill appears to be a safe, local reference tool that only prints documentation. Before installing, you may want to: 1) note the version inconsistencies between registry/README/script (harmless but worth confirming you have the intended release); 2) accept that the script will be available to the agent (it’s harmless text output, but review it yourself as you did here); and 3) ignore the quickstart phrasing that mentions "access credentials" — it’s misleading text, not an actual requirement. If you want extra caution, run the skill in a sandboxed environment first or inspect the script file before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk974743rxnpt8wad0h41pqp9nn83hcgn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments