Security Audit
sundial-org/awesome-openclaw-skills:skills/apollo
github.com/sundial-org/awesome-openclaw-skills
Trust Assessment
sundial-org/awesome-openclaw-skills:skills/apollo received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 4 critical, 0 high, 0 medium, and 0 low severity. Key findings include Command Injection via unquoted PATH_PART in curl URL, Command Injection via unquoted PATH_PART in curl URL (apollo-post.sh), Command Injection via unquoted QUERY parameter in curl URL.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100; all four findings were raised by that layer.
Last analyzed on March 3, 2026 (commit 6d998e00). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Command Injection via unquoted PATH_PART in curl URL. The `PATH_PART` argument, which can be influenced by user input (via the LLM), is interpolated into the `URL` variable without encoding or validation, and `URL` is then passed to `curl` inside double quotes. Double quotes stop word splitting and globbing but not `$()`, backtick or variable expansion in the script's own source text; a value that is already stored in a variable is not re-scanned when `"$URL"` is expanded, however, so a `PATH_PART` of `$(command)` reaches `curl` as literal text. Shell command execution would require the string to be re-parsed (`eval`, `bash -c`, or an unquoted command string built from it), which is not shown at this location. What the unencoded interpolation does allow is URL injection: a `PATH_PART` containing `?`, `&`, `#` or `../` can retarget the request to a different endpoint or append attacker-chosen query parameters. Remediation: URL-encode `PATH_PART` before building the URL, for example with a Python helper, `PATH_PART_ENCODED=$(python3 -c 'import urllib.parse, sys; print(urllib.parse.quote(sys.argv[1], safe="/"))' "$PATH_PART")`, and use `$PATH_PART_ENCODED` in the URL. Because `safe="/"` leaves `/` and `.` untouched, `../` and extra path segments still pass the encoder; also check the value against an allowlist of expected endpoint paths (or reject `..`, `//` and a leading `/`). | LLM | scripts/apollo-get.sh:20 |
| CRITICAL | Command Injection via unquoted PATH_PART in curl URL (apollo-post.sh). The same pattern as in `apollo-get.sh`: `PATH_PART`, which can be influenced by user input (via the LLM), is interpolated unencoded into `URL`, which is passed to `curl` in double quotes. As above, a `$(command)` in the stored value is not executed by `curl "$URL"` on its own; the demonstrated exposure is URL injection (retargeting the POST to a different endpoint or appending query parameters). Apply the same fix: URL-encode `PATH_PART` (e.g. with the `urllib.parse.quote` helper) and validate it against the expected endpoint paths, since encoding with `safe="/"` does not stop `../`. | LLM | scripts/apollo-post.sh:17 |
| CRITICAL | Command Injection via unquoted QUERY parameter in curl URL. The `QUERY` argument, constructed from user-controlled input in `apollo-enrich-website.sh` (`domain=$DOMAIN`) and `apollo-orgs-bulk.sh` (`organization_ids=$IDS`), is appended to the `URL` variable without encoding. A `$(command)` inside `QUERY` is not executed by `curl "$URL"`, since stored data is not re-expanded, but any `&`, `=` or `#` in `DOMAIN` or `IDS` changes the structure of the query string, letting the caller add or override request parameters. Instead of appending the query string by hand, use `curl -G` with `--data-urlencode "$QUERY"`: for an argument of the form `name=value`, curl percent-encodes `value` and leaves `name=` intact, so the parameter boundary cannot be altered. Example: `curl -G "$APOLLO_BASE_URL$PATH_PART" --data-urlencode "$QUERY" ...`; pass each parameter as its own `--data-urlencode` argument. | LLM | scripts/apollo-get.sh:22 |
| CRITICAL | Command Injection via unquoted JSON_BODY in curl --data. The `JSON_BODY` argument, which can be influenced by user input (via the LLM or a direct call), is passed to `curl --data` inside double quotes. The quoted expansion itself does not execute a `$(command)` contained in the value, but two real problems remain: the body is sent without any check that it is JSON, and `--data` treats a value beginning with `@` as a file name to read from, so a `JSON_BODY` of `@/path/to/file` would send the contents of a local file to the API. `apollo-people-search.sh` builds its body with `json.dumps`, but `apollo-post.sh` is exposed when called directly with a crafted `JSON_BODY`. Send the body from stdin rather than the command line: `printf '%s' "$JSON_BODY" | curl --data-binary @- ...` (`--data-binary` preserves newlines, which `--data @file` strips). If a temporary file is used instead, create it with `mktemp` and remove it afterwards; a fixed path such as `/tmp/data.json` written with `echo` is predictable and shared with every user on the host. | LLM | scripts/apollo-post.sh:23 |
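The script below is an added example, not code from the audited skill or from SkillShield. It builds the request URL the way the flagged wrappers are described as doing (raw interpolation of `PATH_PART` and a `name=value` query) and then a hardened way, so the two claims in the findings can be checked side by side: a `$(...)` held in a variable is passed to `curl` literally, while an unencoded `&` in `DOMAIN` really does add caller-chosen parameters. It goes slightly beyond the report's remediation by allowlisting the endpoint path instead of percent-encoding it, because encoding keeps `/` and `.` and therefore `../`. `APOLLO_BASE_URL`, the endpoint paths, the function names and every sample value are assumptions constructed for illustration; the `apollo_get`/`apollo_post` wrappers are defined but not run, since they need network access and the skill's credentials.

```shell
#!/usr/bin/env bash
# Added example, not code from the audited skill. APOLLO_BASE_URL, the paths
# and all sample values are assumed/constructed for illustration.
set -eu

APOLLO_BASE_URL='https://api.apollo.io/'

# Percent-encode every byte except RFC 3986 unreserved characters.
# LC_ALL=C makes ${#s} and ${s:i:1} operate on bytes, so multibyte UTF-8 is
# encoded byte by byte as the URL syntax requires.
urlencode() {
  local LC_ALL=C s="$1" out='' c hex i
  for (( i = 0; i < ${#s}; i++ )); do
    c="${s:i:1}"
    case "$c" in
      [A-Za-z0-9._~-]) out+="$c" ;;
      *) printf -v hex '%%%02X' "'$c"; out+="$hex" ;;
    esac
  done
  printf '%s' "$out"
}

# Allowlist the endpoint path instead of encoding it: percent-encoding keeps
# '/' and '.', so "../" survives quote(..., safe="/"). Rejects an empty value,
# absolute paths, traversal, empty segments and anything outside [A-Za-z0-9_/.-].
safe_path() {
  case "$1" in
    ''|/*|*..*|*//*|*[!A-Za-z0-9_/.-]*) return 1 ;;
  esac
  printf '%s' "$1"
}

# The pattern the report flags: PATH_PART and QUERY spliced in unencoded.
build_url_unsafe() {
  printf '%s' "$APOLLO_BASE_URL$1?$2"
}

# Hardened: validated path, one percent-encoded value per name=value pair.
build_url_safe() {
  local path pair sep='?' out
  path="$(safe_path "$1")" || { printf 'rejected path: %s\n' "$1" >&2; return 1; }
  shift
  out="$APOLLO_BASE_URL$path"
  for pair in "$@"; do
    out+="$sep${pair%%=*}=$(urlencode "${pair#*=}")"
    sep='&'
  done
  printf '%s' "$out"
}

# Hardened invocations for real use (not executed here). --url keeps a path
# starting with '-' from being read as an option; -G --data-urlencode lets curl
# encode each value; --data-binary @- reads the body from stdin, so a body that
# begins with '@' is not treated as a file name as it is with --data "$JSON_BODY".
apollo_get() {
  local path pair args=()
  path="$(safe_path "$1")" || return 1
  shift
  for pair in "$@"; do args+=(--data-urlencode "$pair"); done
  curl -sS -G ${args[@]+"${args[@]}"} --url "$APOLLO_BASE_URL$path"
}
apollo_post() {
  local path
  path="$(safe_path "$1")" || return 1
  printf '%s' "$2" | curl -sS -H 'Content-Type: application/json' \
    --data-binary @- --url "$APOLLO_BASE_URL$path"
}

# 1. A value stored in a variable is not re-scanned for $(...) when "$URL" is
#    expanded, so curl "$URL" alone does not execute it; $(id) prints literally.
PATH_PART='v1/$(id)'
URL="$APOLLO_BASE_URL$PATH_PART"
printf 'literal, not executed: %s\n' "$URL"

# 2. What unencoded interpolation does allow: a constructed DOMAIN value
#    smuggles extra query parameters into the request.
DOMAIN='example.com&per_page=100&page=1'
printf 'unsafe: %s\n' "$(build_url_unsafe 'v1/organizations/enrich' "domain=$DOMAIN")"
printf 'safe:   %s\n' "$(build_url_safe 'v1/organizations/enrich' "domain=$DOMAIN")"

# 3. Traversal in the path is rejected rather than encoded.
build_url_safe '../v1/admin' 'x=y' || true
```

Running it prints the `$(id)` text unexecuted, then the unsafe URL with `per_page` and `page` added as separate parameters and the safe URL with the same input confined to the `domain` value as `example.com%26per_page%3D100%26page%3D1`, and finally a rejection for `../v1/admin` on stderr.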
Scan History
Full report: https://skillshield.io/report/7c002b909805ab8f
Powered by SkillShield