Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes a multi-skill 'Apollo' toolkit (many subcomponents like apollo-workflow, apollo-parallel, apollo-verification, etc.) but the package contains only a single instruction file and no dependencies or sub-skill implementations. There is no install spec or dependency list explaining how those sub-skills are provided. Additionally, the included _meta.json has different ownerId/slug/version values (appears to be copy-paste from a different skill), which is an incoherence in the package metadata.
Instruction Scope
The runtime instructions are high-level methodology text and trigger phrases (e.g., '开发新功能'), and do not instruct reading local files, environment variables, or external endpoints. However, they imply orchestration of multiple subagents/skills; because those subagents are not present or declared, the instructions are incomplete and may rely on the agent invoking other installed skills or external components to fulfill the workflow.
Install Mechanism
No install spec is provided and the skill is instruction-only, which minimizes installation risk (nothing is written to disk).
Credentials
The skill does not request any environment variables, credentials, or config paths, which is consistent with an instruction-only methodology guide.
Persistence & Privilege
always is false and disable-model-invocation is default (agent may invoke autonomously), which is normal. There is no request for elevated or persistent system privileges.
What to consider before installing
This package looks like a high-level playbook for an 'Apollo' agent suite rather than an actual runnable skill bundle. Before installing or relying on it:
1) Verify whether the referenced sub-skills (apollo-workflow, apollo-brainstorming, etc.) exist in your environment or are declared as dependencies; without them the skill cannot execute the described pipeline.
2) Compare the registry metadata with the shipped _meta.json — the mismatch (ownerId/slug/version) suggests copy-paste or packaging errors; ask the publisher to clarify.
3) Because it is instruction-only and requests no secrets, it does not directly expose credentials, but it may instruct the agent to call other skills that do — ensure you trust those sub-skills.
4) If you plan to use this for automated agent orchestration, test it in a constrained environment first and require a clear dependency list and updated metadata from the publisher.
If the publisher cannot explain the missing sub-skills and metadata mismatch, treat it as untrusted.
Like a lobster shell, security has layers — review code before you run it.
latestvk97dt899ns1yx9s45q00z6rqcs84arks
