apollo-mcp-server

Warn

Audited by Socket on Mar 10, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

Overall, the skill content is coherent with its stated purpose as a setup and usage guide for Apollo MCP Server. However, the install instructions rely on a curl | sh pattern that fetches and executes a remote script from an external URL, which is a significant supply-chain/remote-execution risk and warrants a Suspicious classification. If the install step is necessary, it should be replaced with a verifiable, signed installer from a trusted registry, or an alternative, verifiable installation method should be provided. Apart from that, the data flows from local configuration and schema to local/remote GraphQL endpoints are standard for this type of tool and are proportionate to the stated purpose.

Confidence: 60%
Severity: 55%
Audit Metadata
Analyzed At: Mar 10, 2026, 04:48 AM
Package URL: pkg:socket/skills-sh/apollographql%2Fskills%2Fapollo-mcp-server%2F@720df2c5e216b985d9fa44c4dc46a49e2ed0601f