Back to skill
Skillv1.0.0
ClawScan security
Apollo Global · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 26, 2026, 9:03 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This is an instruction-only informational skill about Apollo Global whose requested resources and instructions match its stated purpose and contain no surprising privileges or installs.
- Guidance
- This skill appears internally coherent and safe from a security/privilege perspective because it is instruction-only and requests no credentials or installs. Before relying on its content for decisions (especially financial/investment actions), verify factual claims and numbers against primary sources (company filings, official reports, reputable financial databases). Note the small inconsistencies inside the card (AUM figures and a terse timeline item) — treat the skill as a convenience summary, not authoritative evidence. If you plan to use it in automated workflows that act on its output, ensure you add verification steps and do not allow automatic execution of financial actions based solely on this skill's text.
Review Dimensions
- Purpose & Capability
- okThe name and description claim an informational/company-profile skill and the SKILL.md content provides exactly that; there are no unrelated environment variables, binaries, or installs requested.
- Instruction Scope
- noteSKILL.md is purely a company summary and reading guidance with no commands, file reads, network endpoints, or credential access. Minor internal inconsistencies exist in the content (e.g., AUM cited as ~6000B in one place and 6800B elsewhere, and a terse timeline item about a '2022 SPAC合并上市' that should be verified). These are content-quality issues rather than security issues.
- Install Mechanism
- okNo install specification or code files are present; this is instruction-only so nothing will be written to disk or fetched at install time.
- Credentials
- okThe skill declares no required environment variables, credentials, or config paths — no secret access is requested.
- Persistence & Privilege
- okSkill is not forced-always; it is user-invocable and allows normal autonomous invocation (platform default). It does not request persistent system-wide changes or cross-skill config access.