Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Apollo Workflow
v2.0.2 · Turn your ideas into working code: think it through first, then build it step by step. Every step has a checkpoint, and you do not move on until it is complete.
⭐ 0 · 71 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The skill describes itself as a workflow/orchestration tool for coding tasks and declares only 'git' as a required binary, but the bundled scripts and docs invoke python3, pip3, the 'openclaw' CLI, 'gh', pnpm, cargo, go, pytest and other tools. It also writes state under /root/.openclaw/workspace, a runtime filesystem requirement that is not declared. The undeclared tools and paths are out of proportion to what the metadata claims.
Instruction Scope
SKILL.md and the reference docs direct the agent to create and commit files, run test suites, push and merge branches, and even delete branches (force delete). The references instruct installing pytest with '--break-system-packages' (a risky operation) and use CLI commands (gh, openclaw sessions) that may have side effects. The scripts themselves read and write state and gate files under /root/.openclaw/workspace, which gives the skill broad local persistence. These behaviors are within a dev-workflow's domain, but they are potentially destructive and call for explicitly declared tooling and safety checks.
Install Mechanism
No install spec (instruction-only plus bundled scripts), which lowers supply-chain risk compared with arbitrary downloads. The scripts ship inside the skill bundle and are written to disk on install, which is expected for this type of skill.
Credentials
The skill declares no environment variables or credentials, yet its flow expects to interact with git remotes and the GitHub CLI (gh), and possibly to push and open PRs. It also references the 'openclaw' CLI for session listing and inspection. Declaring no credentials while operating on remotes and invoking external CLIs is inconsistent: the skill should either declare the tokens and credentials it needs or avoid remote operations. It also recommends a pip install with '--break-system-packages', a privileged action unrelated to the skill metadata.
Persistence & Privilege
always: false (good). The skill writes and maintains state and gate files under /root/.openclaw/workspace/.workflow. Persistent local state is expected for a workflow tool, but the root path and the gate files mean it will create and modify files in the agent environment. This is normal for its purpose, but be aware that it can alter repo state and local files.
What to consider before installing
What to check before installing or running this skill:
- Inspect the scripts locally first: they create and modify files under /root/.openclaw/workspace/.workflow and update state.json and the gate files. Run them in a throwaway container or a non-root account first.
- Ensure the required tools are available: python3, pip3, git, the OpenClaw CLI (openclaw), and optionally gh/pnpm/cargo/go depending on your repo. The skill declares only 'git'.
- Be cautious about remote actions: Phase 5 includes git push/merge and branch deletion. Do not let the agent push or delete branches unless you explicitly grant it remote credentials and trust the exact commands it will run.
- Do NOT follow the pip install recommendation with '--break-system-packages' on a shared or system environment; prefer a virtualenv or a controlled test environment.
- Metadata mismatch: _meta.json values differ from the skill manifest (owner/slug). This suggests copy-and-edit or bundling errors; verify provenance before trusting the bundle.
- If you plan to use Subagent-Driven mode, confirm how sessions_spawn is authorized and whether spawned sessions can access tokens or network resources.
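The two checks above that are easiest to automate are the tool inventory (which binaries the bundle actually invokes versus what the manifest declares) and the scan for risky commands (pip with '--break-system-packages', git push, forced branch deletion, hard-coded /root paths, openclaw session calls). The script below is an added example written for this page; it is not part of the ClawHub scanner or the Apollo Workflow skill. The bundle contents, manifest and _meta.json values it uses are constructed to mirror the findings in the report, and the tool watch-list and risky-pattern names are my own choices.

```python
"""Static pre-install audit of an agent skill bundle (added example).

Extracts shell-style tool invocations from every text file in a bundle,
compares them with the binaries the manifest declares, flags commands a
reviewer would want to see before an agent runs them, and reports
manifest/_meta.json mismatches. All inputs below are constructed samples.
"""
import re
from collections import defaultdict

# Hypothetical watch-list of tools worth reporting when invoked.
KNOWN_TOOLS = {"git", "gh", "python3", "pip3", "pip", "openclaw", "pnpm",
               "cargo", "go", "pytest", "npm", "node"}

# Commands that warrant explicit human approval (names are my own labels).
RISKY_PATTERNS = {
    "pip-break-system-packages": re.compile(r"\bpip3?\s+install\b.*--break-system-packages"),
    "git-push": re.compile(r"\bgit\s+push\b"),
    "git-force-push": re.compile(r"\bgit\s+push\b.*(--force|-f)\b"),
    "git-force-delete-branch": re.compile(r"\bgit\s+branch\s+(-D|--delete\s+--force)\b"),
    "root-home-path": re.compile(r"/root/[\w./-]+"),
    "openclaw-sessions": re.compile(r"\bopenclaw\s+sessions\b"),
}

# A tool name counts as invoked when it sits at a command position: start of
# line, after | ; & ( or $( , or inside a markdown backtick span.
COMMAND_POS = re.compile(r"(?:^|[|;&(`]|\$\()\s*([A-Za-z][\w.+-]*)")


def extract_commands(text):
    """Return the set of KNOWN_TOOLS names invoked at command positions in text."""
    found = set()
    for line in text.splitlines():
        line = re.sub(r"\bsudo\s+", "", line)  # look through sudo prefixes
        for m in COMMAND_POS.finditer(line):
            if m.group(1) in KNOWN_TOOLS:
                found.add(m.group(1))
    return found


def audit_bundle(files, declared_bins):
    """files: {relative path: text}. Returns used/undeclared tools and risky lines."""
    used = defaultdict(set)     # tool -> files invoking it
    risky = defaultdict(list)   # pattern label -> [(file, line), ...]
    for path, text in files.items():
        for tool in extract_commands(text):
            used[tool].add(path)
        for line in text.splitlines():
            for label, pat in RISKY_PATTERNS.items():
                if pat.search(line):
                    risky[label].append((path, line.strip()))
    used = {t: sorted(f) for t, f in used.items()}
    undeclared = {t: f for t, f in used.items() if t not in declared_bins}
    return {"used": used, "undeclared": undeclared, "risky": dict(risky)}


def metadata_mismatch(manifest, meta, keys=("owner", "slug")):
    """Keys whose values differ between the manifest and _meta.json."""
    return {k: (manifest.get(k), meta.get(k)) for k in keys
            if manifest.get(k) != meta.get(k)}


# Constructed sample bundle; wording mirrors the scan report, not the skill.
SAMPLE_BUNDLE = {
    "SKILL.md": (
        "# Apollo Workflow\n"
        "Phase 1: run `python3 scripts/gate.py init` to create the checkpoint.\n"
        "Phase 5: after all gates pass:\n"
        "    git push origin feature\n"
        "    gh pr merge --squash\n"
        "    git branch -D feature\n"
    ),
    "references/testing.md": (
        "Install the test runner if missing:\n"
        "    pip3 install pytest --break-system-packages\n"
        "Then run `pytest -q` from the repo root.\n"
    ),
    "scripts/gate.sh": (
        "#!/bin/sh\n"
        "STATE=/root/.openclaw/workspace/.workflow/state.json\n"
        "openclaw sessions list > \"$STATE.sessions\"\n"
    ),
}
SAMPLE_MANIFEST = {"owner": "example-owner", "slug": "apollo-workflow", "bins": ["git"]}
SAMPLE_META = {"owner": "other-owner", "slug": "apollo"}  # deliberately mismatched

if __name__ == "__main__":
    report = audit_bundle(SAMPLE_BUNDLE, set(SAMPLE_MANIFEST["bins"]))
    print("undeclared tools:", report["undeclared"])
    for label, hits in report["risky"].items():
        for path, line in hits:
            print(f"{label}: {path}: {line}")
    print("metadata mismatch:", metadata_mismatch(SAMPLE_MANIFEST, SAMPLE_META))
```

Run it against a real bundle by reading each file into the dict and passing the manifest's declared binaries; anything in `undeclared` or `risky` is what the checklist above asks you to confirm by hand. The command-position heuristic deliberately ignores tool names in running prose ("then go to step 5"), so a mention that is neither at the start of a line nor in backticks is not reported.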
If you want help: I can list the exact commands the skill would run for a given phase, extract all external CLI/tool references from the bundle, or prepare a safe sandbox run plan.
Like a lobster shell, security has layers: review code before you run it.
latest: vk971p7t0ev83v4bg21555x8qrn84dye6
Runtime requirements
Bins: git
