Customer Support Command Center
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: afrexai-customer-support Version: 1.0.0 The OpenClaw AgentSkills skill bundle 'afrexai-customer-support' is benign. The `SKILL.md` provides comprehensive, detailed instructions for an AI agent to perform customer support operations, including ticket triage, response generation, escalation, CSAT tracking, and churn prevention. All instructions, including those related to handling sensitive data (e.g., GDPR data requests), are aligned with the stated purpose of a customer support agent and do not indicate malicious intent such as unauthorized data exfiltration, system compromise, or prompt injection designed to subvert the agent's core function. The `README.md` contains standard installation instructions and links to the developer's other skills and informational 'context packs' on legitimate platforms (GitHub Pages, Clawhub), which are not indicative of malicious activity.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If connected to helpdesk or messaging tools, the agent could send incorrect replies, route tickets incorrectly, or trigger workflows before a human reviews them.
This shows the skill is intended to support automated routing and customer replies. That is aligned with support operations, but the artifacts do not clearly require human review before customer-facing messages or workflow triggers.
**Automation rules** — auto-routing, canned responses, confidence-gated auto-replies
Use this skill in draft/recommendation mode by default, and require explicit approval before sending customer messages, notifying teams, changing tickets, or triggering escalation/retention workflows.
If the agent has access to billing or account-management tools, it could make financially meaningful changes or disclose account details without enough guardrails.
The billing template assumes access to account and billing data and contemplates refunds, credits, and billing-setting changes, but the metadata declares no credentials, scopes, or approval boundaries.
I've looked into your account ... [Resolution: refund processed / credit applied / explanation of charge] ... updated billing settings
Grant only narrowly scoped support permissions, separate read-only account lookup from billing mutation rights, and require human confirmation for refunds, credits, plan changes, or compensation.
Customer personal and business information may be included in prompts, summaries, reports, or future support context.
The triage checklist asks the agent to collect customer identifiers, commercial value, ticket history, and sentiment context. This is expected for support operations, but it is sensitive customer data.
customer: name, email, plan, tenure_months, ltv, previous_tickets, sentiment_history
Limit collection to necessary fields, avoid storing sensitive details in long-term memory unless approved, and ensure retention and access controls match your privacy obligations.