ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Copper

v1.0.0

Copper CRM integration — manage people, companies, opportunities, projects, tasks, and activities via the Copper REST API. Google Workspace native CRM with r...

0· 350·0 current·0 all-time
by@aiwithabidi
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
Name/description describe a Copper CRM CLI and the code implements Copper API calls — that part is coherent. However, SKILL.md lists COPPER_EMAIL as required, but the included script never reads or uses COPPER_EMAIL. The declared requirement is unnecessary and inconsistent.
!
Instruction Scope
SKILL.md claims the skill never stores data locally and simply calls the Copper API. The runtime script does make only Copper API requests, but it also contains logic to read a .env file from a workspace path (WORKSPACE or ~/.openclaw/workspace/.env) to obtain COPPER_API_KEY if the environment variable is missing. Reading a workspace .env can expose other secrets and expands the skill's file-access scope beyond what's documented.
Install Mechanism
Instruction-only skill with no install spec and a single Python stdlib script — no external downloads or package installs. Low install risk.
!
Credentials
Primary credential COPPER_API_KEY is reasonable. But COPPER_EMAIL is declared required without justification or usage. Additionally, the script's fallback logic to parse a .env file in a workspace directory increases privilege to read local config files and could surface unrelated credentials (disproportionate to the single API token needed).
Persistence & Privilege
The skill is not always-on, does not modify other skills or system settings, and does not request extra persistent privileges. It only runs when invoked.
What to consider before installing
This skill appears to implement a Copper CRM CLI, but there are two things to consider before installing or running it: 1) COPPER_EMAIL is declared required in SKILL.md but the script never uses it — treat that as a mismatch and ask the author to remove or justify the requirement. 2) If COPPER_API_KEY is not set in the environment, the script will try to read WORKSPACE/.env (default ~/.openclaw/workspace/.env) to extract COPPER_API_KEY. That means the script may read a local .env file that could contain other secrets. To reduce risk: set COPPER_API_KEY explicitly in the environment when running, or inspect and sanitize any .env in your workspace before using the skill. Prefer running the script in an environment where WORKSPACE is controlled or unset. If you want higher assurance, request the author to: - Remove the unused COPPER_EMAIL requirement from SKILL.md (or use it in the code), - Stop searching for a workspace .env (or limit it to a skill-specific config path), - Add comments explaining why fallback file reads are needed. Given these inconsistencies and the local-file read behavior, treat the skill as suspicious until clarified.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🟤 Clawdis
EnvCOPPER_API_KEY, COPPER_EMAIL
Primary envCOPPER_API_KEY
latestvk977zfy5ttce0y9npkxtjwcmc98266fz
350downloads
0stars
1versions
Updated 7h ago
v1.0.0
MIT-0
@aiwithabidi
latest
Download

🟤 Copper CRM

Copper CRM integration — manage people, companies, opportunities, projects, tasks, and activities via the Copper REST API.

Features

  • People management — contacts with full CRUD and search
  • Company tracking — organizations, details, relationships
  • Opportunity pipeline — deals, stages, values, win rates
  • Project management — track projects with stages and tasks
  • Task management — create, assign, complete tasks
  • Activity logging — calls, meetings, notes on any record
  • Relationship mapping — see connections between records
  • Search across all entity types
  • Custom fields — read and write custom field values
  • Pipeline reports — value, velocity, conversion metrics

Requirements

VariableRequiredDescription
COPPER_API_KEYAPI key/token for Copper CRM
COPPER_EMAILYour Copper account email

Quick Start

# List people/contacts
python3 {baseDir}/scripts/copper.py people --limit 20

# Get person details
python3 {baseDir}/scripts/copper.py person-get 12345

# Create a person
python3 {baseDir}/scripts/copper.py person-create '{"name":"Jane Doe","emails":[{"email":"jane@example.com"}]}'

# Update a person
python3 {baseDir}/scripts/copper.py person-update 12345 '{"title":"VP Sales"}'

Commands

people

List people/contacts.

python3 {baseDir}/scripts/copper.py people --limit 20

person-get

Get person details.

python3 {baseDir}/scripts/copper.py person-get 12345

person-create

Create a person.

python3 {baseDir}/scripts/copper.py person-create '{"name":"Jane Doe","emails":[{"email":"jane@example.com"}]}'

person-update

Update a person.

python3 {baseDir}/scripts/copper.py person-update 12345 '{"title":"VP Sales"}'

companies

List companies.

python3 {baseDir}/scripts/copper.py companies --limit 20

company-create

Create a company.

python3 {baseDir}/scripts/copper.py company-create '{"name":"Acme Corp"}'

opportunities

List opportunities.

python3 {baseDir}/scripts/copper.py opportunities --limit 20

opportunity-create

Create opportunity.

python3 {baseDir}/scripts/copper.py opportunity-create '{"name":"Acme Deal","monetary_value":50000}'

projects

List projects.

python3 {baseDir}/scripts/copper.py projects --limit 20

tasks

List tasks.

python3 {baseDir}/scripts/copper.py tasks --limit 20 --status open

task-create

Create a task.

python3 {baseDir}/scripts/copper.py task-create '{"name":"Follow up","due_date":"2026-03-01"}'

activities

List activities for a record.

python3 {baseDir}/scripts/copper.py activities --person 12345

search

Search across all records.

python3 {baseDir}/scripts/copper.py search "Acme"

pipelines

List pipelines.

python3 {baseDir}/scripts/copper.py pipelines

pipeline-report

Pipeline summary report.

python3 {baseDir}/scripts/copper.py pipeline-report

Output Format

All commands output JSON by default. Add --human for readable formatted output.

# JSON (default, for programmatic use)
python3 {baseDir}/scripts/copper.py people --limit 5

# Human-readable
python3 {baseDir}/scripts/copper.py people --limit 5 --human

Script Reference

ScriptDescription
{baseDir}/scripts/copper.pyMain CLI — all Copper CRM operations

Data Policy

This skill never stores data locally. All requests go directly to the Copper CRM API and results are returned to stdout. Your data stays on Copper CRM servers.

Credits

Built by M. Abidi | agxntsix.ai YouTube | GitHub Part of the AgxntSix Skill Suite for OpenClaw agents.

📅 Need help setting up OpenClaw for your business? Book a free consultation

Comments

Loading comments...