Back to skill
Skillv0.1.1
VirusTotal security
Apo Cli · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 3:37 AM
- Hash
- ffe4ba06ece3f456a4a5f55218aa8e8094b801c4e39c0dbe87f123312baedb5a
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: apo-cli Version: 0.1.1 The skill is designed to interact with apohealth.de for product search and cart management. The `apo_cli.py` script uses standard Python libraries to make HTTP requests exclusively to `https://www.apohealth.de`. It stores session cookies and cart tokens in local JSON files (`apo_cookies.json`, `apo_cart.json`) within its own directory, which is a legitimate practice for a CLI tool. The `SKILL.md` explicitly instructs the agent to 'NEVER complete a purchase' and to provide a cart URL for the user to checkout themselves, which is supported by the `webbrowser.open()` call in `apo_cli.py`. There is no evidence of data exfiltration, malicious execution, persistence, obfuscation, or prompt injection attempts to subvert the agent's intended behavior.
- External report
- View on VirusTotal