Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Apollo Issue Review

v1.0.0

Review Apollo ecosystem issues with a classify-first workflow (reproduce for behavior issues, evidence-check for consultative asks) and draft maintainer-grad...

2 · 493 · 0 current · 0 all-time

by Jason Song (@nobodyiam)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious

OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description (review Apollo issues and draft maintainer replies) matches the SKILL.md workflow. However, the instructions expect access to repository files and many developer tools (git, rg/ripgrep, mvn, go, arthas, gh, curl, etc.) while the skill declares no required binaries, environment variables, or repo access. That mismatch (expecting a developer environment but not declaring it) is an incoherence the user should be aware of.
Instruction Scope
SKILL.md stays on-topic: it instructs the agent to classify issues, reproduce behavior or perform evidence scans, and to draft replies. It explicitly requires reading issue text/comments and scanning repo files (using tools like rg, git, mvn, go test) and to only post to GitHub after explicit confirmation. It does not instruct the agent to read unrelated system secrets or exfiltrate data to unknown endpoints.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, which is the lowest install risk. Nothing will be downloaded or written by an install step.
Credentials
The skill requests no environment variables or credentials, which is good, but the runtime instructions assume access to the repository and to command-line tools and (optionally) to GitHub APIs. The omission of declared required binaries/tools is disproportionate to the operational expectations. If the agent is given repository access or tokens at runtime, that materially increases the skill's capabilities — the skill does not document or justify such access.
Persistence & Privilege
The skill does not request persistent/always-on presence (always: false) and does not attempt to modify other skills or system-wide settings. It includes an explicit 'Publish Confirmation Gate' to require user confirmation before posting to GitHub, which reduces risk of accidental outbound actions.
What to consider before installing
This skill appears to be what it claims (an Apollo issue triage + reply workflow) but it implicitly expects a developer environment: git, ripgrep (rg), mvn, go, arthas, curl/gh, and access to the repository to scan/build/run reproductions. Before installing, confirm where the agent will run and whether it will have filesystem/repo access and any GitHub tokens. If you will run it in a shared or production environment, restrict its filesystem scope and avoid granting tokens. Also verify that the 'Publish Confirmation Gate' is enforced in the runtime (so it cannot post comments without an explicit human '发布' confirmation). If you want to reduce risk, request the skill author to (a) declare required binaries/tools, (b) document exactly what repo/file access is needed, and (c) optionally provide a mode that only performs offline analysis of supplied issue text (no repo builds or network calls).


latest: vk9765hcm26pgscsc0dv6rb8yd581jkqk
