ClawHub

Apollo Overview

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only coding workflow guide with no executable behavior, though its activation wording is broad and its internal metadata has a naming mismatch.

Install this if you want a Chinese-language Apollo coding methodology guide to influence ordinary development workflows. Before relying on it, confirm with the publisher that the sysflow-overview value in _meta.json is an expected rename or packaging leftover, and review any companion Apollo skills separately because this package only lists them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill metadata is inconsistent: the provided skill context identifies the skill as 'apollo-overview', while the manifest slug is 'sysflow-overview'. Identity mismatches can cause the wrong skill to be packaged, reviewed, trusted, or invoked, which creates supply-chain and provenance risk even if there is no direct code execution in this file. In security review contexts, inconsistent identity is especially concerning because it can obscure ownership and frustrate auditability.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger phrases are broad enough to match common requests like starting a project, writing a plan, fixing bugs, or developing features, which can cause the skill to activate in many ordinary contexts without clear user intent. For a workflow-orchestration skill, over-triggering can inappropriately steer agent behavior, override more specific skills, and expand the blast radius of any downstream risky behavior in the Apollo suite.

VirusTotal

42/42 vendors flagged this skill as clean.

View on VirusTotal