📦 Apollo Issue Review — Apollo问题评审
v1.0.0采用“先分类”工作流,自动审查 Apollo 生态 issue:行为类问题先复现,咨询类问题先验证证据,并生成 maintainer 级别回复草稿,提升维护效率。
2· 515·0 当前·0 累计
by 下载技能包
最后更新
2026/4/22
安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
This skill appears to be what it claims (an Apollo issue triage + reply workflow) but it implicitly expects a developer environment: git, ripgrep (rg), mvn, go, arthas, curl/gh, and access to the repository to scan/build/run reproductions. Before installing, confirm where the agent will run and whether it will have filesystem/repo access and any GitHub tokens. If you will run it in a shared or production environment, restrict its filesystem scope and avoid granting tokens. Also verify that the '...详细分析 ▾
⚠ 用途与能力
The skill's name/description (review Apollo issues and draft maintainer replies) matches the SKILL.md workflow. However, the instructions expect access to repository files and many developer tools (git, rg/ripgrep, mvn, go, arthas, gh, curl, etc.) while the skill declares no required binaries, environment variables, or repo access. That mismatch (expecting a developer environment but not declaring it) is an incoherence the user should be aware of.
✓ 指令范围
SKILL.md stays on-topic: it instructs the agent to classify issues, reproduce behavior or perform evidence scans, and to draft replies. It explicitly requires reading issue text/comments and scanning repo files (using tools like rg, git, mvn, go test) and to only post to GitHub after explicit confirmation. It does not instruct the agent to read unrelated system secrets or exfiltrate data to unknown endpoints.
✓ 安装机制
This is an instruction-only skill with no install spec and no code files, which is the lowest install risk. Nothing will be downloaded or written by an install step.
⚠ 凭证需求
The skill requests no environment variables or credentials, which is good, but the runtime instructions assume access to the repository and to command-line tools and (optionally) to GitHub APIs. The omission of declared required binaries/tools is disproportionate to the operational expectations. If the agent is given repository access or tokens at runtime, that materially increases the skill's capabilities — the skill does not document or justify such access.
✓ 持久化与权限
The skill does not request persistent/always-on presence (always: false) and does not attempt to modify other skills or system-wide settings. It includes an explicit 'Publish Confirmation Gate' to require user confirmation before posting to GitHub, which reduces risk of accidental outbound actions.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.02026/2/21
NULL
● 可疑
安装命令
点击复制官方npx clawhub@latest install apollo-issue-review
镜像加速npx clawhub@latest install apollo-issue-review --registry https://cn.longxiaskill.com