Apollo
PassAudited by ClawScan on May 13, 2026.
Overview
Apollo is a disclosed ClawLink integration for Apollo sales data; its main risks are the normal ones of installing ClawLink, connecting an Apollo account, and approving any record changes.
Before installing, verify the ClawLink plugin and service, connect only the intended Apollo workspace with appropriate permissions, treat Apollo contact/outreach data as sensitive, and carefully review any preview before confirming writes or bulk changes.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill will not work until the user installs and trusts the ClawLink plugin.
The skill depends on a separate plugin that is not included in the artifact set. The install is user-directed and purpose-aligned, but users still need to trust that plugin source.
Install the verified ClawLink plugin: `openclaw plugins install clawhub:clawlink-plugin`
Install only from the expected ClawHub source, verify ClawLink using the provided verification resources, and keep the plugin updated.
ClawLink/OpenClaw can access Apollo data and tools allowed by the connected account and approved scopes.
The skill requires delegated authorization through ClawLink and Apollo. This is expected for an Apollo integration, but it grants account-level access according to the connected scopes and permissions.
ClawLink ... handles hosted connection flows and credentials ... The user clicks through the Apollo login and authorization screen.
Connect only the intended Apollo workspace, use least-privileged accounts/scopes where possible, and revoke the ClawLink/Apollo connection when no longer needed.
Approved actions could change prospect or outreach data in Apollo.
The skill can mutate Apollo business records, but the artifacts explicitly require preview and user confirmation for writes and bulk/destructive actions.
Create or update prospect records after confirmation ... Ask for confirmation before destructive, external-facing, or bulk write actions.
Review previews carefully, confirm the exact records and scope before writes, and avoid bulk or destructive changes unless clearly intended.
Apollo connection details, tool calls, and returned business data may pass through ClawLink as part of normal operation.
Apollo access is brokered through the external ClawLink service and dynamic tool catalog. The data boundary is disclosed, but Apollo data and credentials are still mediated by a third party.
Powered by ClawLink ... an integration hub ... The resulting device credential is stored locally ... and is only sent to `claw-link.dev`.
Review ClawLink’s documentation, privacy/security posture, and organizational policy before connecting sensitive Apollo data.