Apollo
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: apollo-sales Version: 0.1.1 The apollo-sales skill bundle provides instructions for an AI agent to interact with the Apollo sales platform via the ClawLink integration hub. The skill follows standard operational patterns for OpenClaw, including plugin installation and dynamic tool discovery, and incorporates explicit safety guidelines such as requiring user confirmation for write actions and protecting credentials. No evidence of malicious intent, data exfiltration, or unauthorized execution was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill will not work until the user installs and trusts the ClawLink plugin.
The skill depends on a separate plugin that is not included in the artifact set. The install is user-directed and purpose-aligned, but users still need to trust that plugin source.
Install the verified ClawLink plugin: `openclaw plugins install clawhub:clawlink-plugin`
Install only from the expected ClawHub source, verify ClawLink using the provided verification resources, and keep the plugin updated.
ClawLink/OpenClaw can access Apollo data and tools allowed by the connected account and approved scopes.
The skill requires delegated authorization through ClawLink and Apollo. This is expected for an Apollo integration, but it grants account-level access according to the connected scopes and permissions.
ClawLink ... handles hosted connection flows and credentials ... The user clicks through the Apollo login and authorization screen.
Connect only the intended Apollo workspace, use least-privileged accounts/scopes where possible, and revoke the ClawLink/Apollo connection when no longer needed.
Approved actions could change prospect or outreach data in Apollo.
The skill can mutate Apollo business records, but the artifacts explicitly require preview and user confirmation for writes and bulk/destructive actions.
Create or update prospect records after confirmation ... Ask for confirmation before destructive, external-facing, or bulk write actions.
Review previews carefully, confirm the exact records and scope before writes, and avoid bulk or destructive changes unless clearly intended.
Apollo connection details, tool calls, and returned business data may pass through ClawLink as part of normal operation.
Apollo access is brokered through the external ClawLink service and dynamic tool catalog. The data boundary is disclosed, but Apollo data and credentials are still mediated by a third party.
Powered by ClawLink ... an integration hub ... The resulting device credential is stored locally ... and is only sent to `claw-link.dev`.
Review ClawLink’s documentation, privacy/security posture, and organizational policy before connecting sensitive Apollo data.