v0.1.1

Apo Cli

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:29 AM.

Analysis

This appears to be a coherent apohealth shopping helper, but it can change a pharmacy cart, send medication searches to apohealth.de, and store apohealth session/cart state locally.

Guidance: Install only if you are comfortable using apohealth.de for pharmacy searches and cart building. Review product names, quantities, and prices before approving cart changes, do not let the agent complete a purchase, and protect or delete the local apo_cookies.json and apo_cart.json files if you do not want session/cart state retained.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
SKILL.md
python3 {baseDir}/apo_cli.py cart add <variant_id> ... cart remove <variant_id> ... cart clear ... cart checkout

The skill exposes cart mutation and checkout-opening commands. This matches the pharmacy cart-management purpose and is paired with safeguards, but users should still review cart-changing actions.

User impact: The agent can add, remove, or clear items in the apohealth cart if the workflow is used.
Recommendation: Only approve cart changes after checking the product, quantity, and price; require explicit confirmation for clearing the cart or opening checkout.
Agentic Supply Chain Vulnerabilities
Severity: Info; Confidence: High; Status: Note
README.md
uv tool install git+https://github.com/Lars147/apo-cli

The README shows an optional user-directed install from a GitHub repository without a pinned commit. The skill's main path uses the bundled script, so this is a provenance note rather than an automatic install risk.

User impact: Following the README install command could install whatever version is current at that repository at install time.
Recommendation: Prefer the bundled reviewed script for this skill, or pin and review a specific Git commit before installing from GitHub.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Note
apo_cli.py
COOKIES_FILE = SCRIPT_DIR / "apo_cookies.json" ... headers["Cookie"] = format_cookie_header(self.cookies) ... save_cookies(self.cookies)

The CLI loads, sends, and saves apohealth cookies in a local JSON file. This is bounded to apohealth.de and supports cart continuity, but the cookies carry session-like authority.

User impact: Anyone with access to the local cookie file may be able to reuse the same apohealth cart/session state.
Recommendation: Do not place account-login cookies in this file, protect the skill directory, and delete apo_cookies.json/apo_cart.json when you no longer want the cart session retained.
Identity and Privilege Abuse
Severity: Low; Confidence: High; Status: Note
RESEARCH.md
X-Shopify-Storefront-Access-Token: 965d12c54028db404dcedb3f9e9c4b03

The research notes include a credential-like Shopify Storefront token. The artifact describes it as public in apohealth's HTML, and no visible code uses it, but hardcoded tokens in distributed artifacts are still worth noticing.

User impact: This does not expose the user's own credentials, but it may expose or normalize reuse of a third-party storefront token.
Recommendation: Treat the token as public-only; remove or redact it from distributed docs if it is not intentionally public, and never add private API keys to these files.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low; Confidence: High; Status: Note
apo_cli.py
BASE_URL = "https://www.apohealth.de" ... client.get("/search/suggest.json", params)

Search queries and cart API requests are sent to apohealth.de. This is disclosed and necessary for the skill, but medication names and PZNs can reveal health interests.

User impact: Pharmacy search terms and cart activity may be visible to apohealth.de and its normal web infrastructure.
Recommendation: Avoid entering sensitive personal health details unless you are comfortable sharing them with apohealth.de; review the site's privacy practices if needed.