Apollo
Interact with Apollo.io REST API (people/org enrichment, search, lists).
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 4 · 4.8k · 7 current installs · 7 all-time installs
by @JhumanJ
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The scripts implement Apollo API calls (GET/POST, enrichment, search) which matches the name/description. However the implementation expects a config file at an absolute path (/Users/jhumanj/clawd/config/apollo.env) rather than the relative config/apollo.env referenced in SKILL.md and the registry. The skill metadata also declares no required credentials, but the scripts require APOLLO_API_KEY and APOLLO_BASE_URL — an incoherence.
Instruction Scope
Runtime instructions in SKILL.md instruct creating config/apollo.env, but the scripts actually source a hard-coded file under /Users/jhumanj/clawd/config/apollo.env. The scripts only contact the declared API base URL and send X-Api-Key (expected), but reading a fixed path in another user's home is unexpected and should be verified.
Install Mechanism
There is no install spec (instruction-only), which is low risk. The included scripts rely on curl and python3, but the registry declared no required binaries — this mismatch is a minor implementation oversight to be aware of.
Credentials
The skill metadata lists no required environment variables or primary credential, yet the scripts require APOLLO_API_KEY and APOLLO_BASE_URL (loaded from a config file). That means the skill will access a secret (API key) but the registry/README do not declare it — users might not realize they must provide sensitive credentials or where they will be read from.
Persistence & Privilege
The skill does not request always: true and does not modify system or other-skill configs. It runs as invoked and makes network calls to the API base URL — expected for this functionality.
What to consider before installing
This skill's code appears to perform Apollo API calls and is not obviously malicious, but it has implementation mismatches you should handle before using it:
- The scripts source an absolute config file at /Users/jhumanj/clawd/config/apollo.env while SKILL.md tells you to create config/apollo.env. Verify and correct the path so it points to a location you control. A malicious or unexpected file at the hard-coded path could expose secrets.
- The skill uses an APOLLO_API_KEY and APOLLO_BASE_URL (sensitive credentials) but the registry lists no required envs. Do not install or run the scripts until you know where the API key will be stored; prefer storing the key in a secure place and updating the scripts to read from that location.
- The scripts call curl and python3 but the skill metadata doesn't declare required binaries. Ensure your environment has (or restricts) these binaries and review what the scripts will send before providing credentials.
- If you decide to use it, run the scripts in a restricted environment (local sandbox or VM) first, inspect the config file contents, and consider editing the scripts to remove the hard-coded path and to validate endpoints. If you cannot confirm these changes with the publisher, treat the skill as untrusted for any sensitive API credentials.
Confidence is medium: the behavior is explainable as sloppy packaging, not clearly malicious, but the hard-coded path and undeclared secret access are meaningful red flags.
Like a lobster shell, security has layers — review code before you run it.
Current version v1.0.0
Runtime requirements
🛰️ Clawdis
OS macOS · Linux
SKILL.md
Apollo.io
Interact with Apollo.io via REST API.
Config
Create config/apollo.env (example at config/apollo.env.example):
- APOLLO_BASE_URL (usually https://api.apollo.io)
- APOLLO_API_KEY
Scripts load this automatically.
Commands
Low-level helpers
- GET: skills/apollo/scripts/apollo-get.sh "/api/v1/users" (endpoint availability may vary)
- People search (new): skills/apollo/scripts/apollo-people-search.sh "vp marketing" 1 5
- POST (generic): skills/apollo/scripts/apollo-post.sh "/api/v1/mixed_people/api_search" '{"q_keywords":"vp marketing","page":1,"per_page":5}'
Enrichment (common)
- Enrich website/org by domain: skills/apollo/scripts/apollo-enrich-website.sh "apollo.io"
- Get complete org info (bulk): skills/apollo/scripts/apollo-orgs-bulk.sh "6136480939c707388501e6b9"
Notes
- Apollo authenticates via X-Api-Key header (these scripts send it automatically).
- Some endpoints require a master API key and a paid plan (Apollo returns 403 in that case).
- Rate limiting is common (e.g. 600/hour on many endpoints); handle 429 responses.
