ClawHub

Apollo.io Enrichment

v1.3.0

Apollo.io contact and company enrichment API. Enrich people with email, phone, title, company data. Enrich organizations with industry, revenue, employee count, funding. Search for prospects. Use when the user needs to enrich contacts, find emails, lookup company info, or search for leads.

2· 2.3k·3 current·3 all-time
bycaptmarbles@capt-marbles
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description, SKILL.md, and included apollo.py are coherent: the code talks to api.apollo.io and implements person/company enrichment and search. However, the registry metadata claims no required environment variables or primary credential while both SKILL.md and the code require the APOLLO_API_KEY environment variable — an inconsistency between what the skill says it needs and what it actually requires.
Instruction Scope
SKILL.md and apollo.py keep scope to Apollo API calls. The script only reads a user-supplied JSON file for bulk enrich and the APOLLO_API_KEY env var; it does not attempt to read other system files, sweep environment variables, or post data to any endpoint other than api.apollo.io. Filtering and formatting are local. No vague instructions granting broad discretionary access are present.
Install Mechanism
There is no install spec; this is instruction + bundled script. That minimizes install-time risk because nothing is downloaded or extracted at install time.
!
Credentials
The code requires a secret APOLLO_API_KEY (sourced from the APOLLO_API_KEY environment variable) which is appropriate for this integration. However, the skill's registry metadata does not declare that required environment variable or a primary credential — this mismatch is a red flag (could be an oversight or bad packaging). Apart from that single key, no other secrets are requested, which is proportionate for the stated purpose. Note also that using the key causes the skill to transmit contact/company data to Apollo's servers, so privacy/consent and billing/credits should be considered.
Persistence & Privilege
The skill does not request persistent or elevated platform privileges (always=false). It does not modify other skills or system-wide config. It runs as a user-invoked CLI script and can be invoked autonomously by the agent (the platform default), which is expected for skills.
What to consider before installing
Before installing or enabling this skill, note the main inconsistency: the code and SKILL.md require APOLLO_API_KEY but the registry metadata does not declare it. Ask the publisher to update the metadata to explicitly require APOLLO_API_KEY so you can see what secrets the skill needs. Treat the API key as sensitive — grant a key with minimal scope, monitor its usage, and avoid sending highly sensitive personal data without consent (the skill transmits contact data to api.apollo.io). Because the source/publisher is unknown, consider testing in an isolated environment, reviewing the included apollo.py yourself (it calls only api.apollo.io), and checking your Apollo account for unexpected usage/charges. If you accept the risk, provide only the API key the skill needs (no broader credentials) and verify that the key's permissions and your privacy/consent posture are appropriate.

Like a lobster shell, security has layers — review code before you run it.

latestvk972jwyre3qkcmcx87kqn6a5x5801655

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments