ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Freshsales

v1.0.0

Freshsales CRM integration — manage contacts, leads, deals, accounts, tasks, and sales sequences via the Freshsales API. Track deal pipelines, automate lead...

0· 381·0 current·0 all-time
by@aiwithabidi

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for aiwithabidi/freshsales.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Freshsales" (aiwithabidi/freshsales) from ClawHub.
Skill page: https://clawhub.ai/aiwithabidi/freshsales
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: FRESHSALES_API_KEY, FRESHSALES_DOMAIN
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install freshsales

ClawHub CLI

Package manager switcher

npx clawhub@latest install freshsales
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill declares FRESHSALES_DOMAIN as a required env var, but the bundled script never reads or substitutes that variable into API requests (API_BASE contains an unformatted '{domain}' placeholder). Requesting a domain variable that the code doesn't use is incoherent and suggests either a bug or sloppy packaging.
!
Instruction Scope
SKILL.md claims 'never stores data locally' and documents only FRESHSALES_API_KEY/FRESHSALES_DOMAIN, but the script will attempt to read a .env file from a workspace path (WORKSPACE env or ~/.openclaw/workspace/.env) to find the API key. That file lookup is not documented and is additional file system access beyond the stated instructions.
Install Mechanism
No install spec (instruction-only plus a Python stdlib script). Nothing is written to disk by an installer; risk from install mechanism is low.
!
Credentials
Only FRESHSALES_API_KEY and FRESHSALES_DOMAIN are declared (primary credential is FRESHSALES_API_KEY), which is reasonable for a CRM integration — but FRESHSALES_DOMAIN is unused and the script additionally inspects WORKSPACE and a local .env file for the API key. The implicit dependence on WORKSPACE/.env is not declared and increases the scope of environment/config access.
Persistence & Privilege
The skill is not always-enabled, does not modify other skills, and has no installer that grants persistent elevated privileges. It does read a local .env if present but does not persist new data or change system settings.
What to consider before installing
This skill appears to be a legitimate Freshsales CLI, but there are a few red flags you should address before installing or providing credentials: (1) The script never substitutes FRESHSALES_DOMAIN into API calls (API_BASE uses the literal '{domain}'), so network requests will fail or behave unexpectedly — ask the author to fix the URL construction to use the declared domain. (2) The script will look for FRESHSALES_API_KEY in a .env under WORKSPACE or ~/.openclaw/workspace/.env if the env var is not set; this file access is not documented and may read local secrets. Prefer setting FRESHSALES_API_KEY explicitly, or review the .env lookup code. (3) Because the code has these inconsistencies, treat it as untrusted until corrected: run it in a sandboxed or test environment, use a limited-scope API key, and review/patch the code to properly use FRESHSALES_DOMAIN and to avoid undocumented file reads.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🟢 Clawdis
EnvFRESHSALES_API_KEY, FRESHSALES_DOMAIN
Primary envFRESHSALES_API_KEY
latestvk97aenaqj941tnmdcegxdht2mx8284xg
381downloads
0stars
1versions
Updated 11h ago
v1.0.0
MIT-0
@aiwithabidi
latest
Download

🟢 Freshsales

Freshsales CRM integration — manage contacts, leads, deals, accounts, tasks, and sales sequences via the Freshsales API.

Features

  • Manage contacts — create, update, search, and segment
  • Lead tracking — capture, qualify, assign, and convert
  • Deal pipeline — stages, values, forecasting, and won/lost
  • Account management — company profiles and hierarchies
  • Task management — create, assign, and track sales tasks
  • Activity logging — calls, emails, meetings, and notes
  • Sales sequences — view and manage outreach campaigns
  • Search across contacts, leads, deals, and accounts
  • Reports — pipeline value, conversion rates, activity metrics
  • Filters — custom views with field-level filtering

Requirements

VariableRequiredDescription
FRESHSALES_API_KEYAPI key/token for Freshsales
FRESHSALES_DOMAINYour Freshsales domain (e.g. yourorg.freshsales.io)

Quick Start

# List contacts
python3 {baseDir}/scripts/freshsales.py contacts --limit 20

# Get contact details
python3 {baseDir}/scripts/freshsales.py contact-get 12345

# Create a contact
python3 {baseDir}/scripts/freshsales.py contact-create '{"first_name":"Jane","last_name":"Doe","email":"jane@example.com"}'

# Update a contact
python3 {baseDir}/scripts/freshsales.py contact-update 12345 '{"lead_score":85}'

Commands

contacts

List contacts.

python3 {baseDir}/scripts/freshsales.py contacts --limit 20

contact-get

Get contact details.

python3 {baseDir}/scripts/freshsales.py contact-get 12345

contact-create

Create a contact.

python3 {baseDir}/scripts/freshsales.py contact-create '{"first_name":"Jane","last_name":"Doe","email":"jane@example.com"}'

contact-update

Update a contact.

python3 {baseDir}/scripts/freshsales.py contact-update 12345 '{"lead_score":85}'

leads

List leads.

python3 {baseDir}/scripts/freshsales.py leads --limit 20 --sort updated_at

lead-create

Create a lead.

python3 {baseDir}/scripts/freshsales.py lead-create '{"first_name":"John","company":"Acme"}'

deals

List deals.

python3 {baseDir}/scripts/freshsales.py deals --limit 20

deal-create

Create a deal.

python3 {baseDir}/scripts/freshsales.py deal-create '{"name":"Acme Upgrade","amount":50000}'

deal-update

Update deal stage.

python3 {baseDir}/scripts/freshsales.py deal-update 789 '{"deal_stage_id":3}'

accounts

List accounts.

python3 {baseDir}/scripts/freshsales.py accounts --limit 20

tasks

List tasks.

python3 {baseDir}/scripts/freshsales.py tasks --limit 10 --status open

task-create

Create a task.

python3 {baseDir}/scripts/freshsales.py task-create '{"title":"Follow up with Acme","due_date":"2026-03-01"}'

search

Search across all entities.

python3 {baseDir}/scripts/freshsales.py search "Acme"

activities

List recent activities.

python3 {baseDir}/scripts/freshsales.py activities --limit 20

pipeline

Pipeline summary.

python3 {baseDir}/scripts/freshsales.py pipeline

Output Format

All commands output JSON by default. Add --human for readable formatted output.

# JSON (default, for programmatic use)
python3 {baseDir}/scripts/freshsales.py contacts --limit 5

# Human-readable
python3 {baseDir}/scripts/freshsales.py contacts --limit 5 --human

Script Reference

ScriptDescription
{baseDir}/scripts/freshsales.pyMain CLI — all Freshsales operations

Data Policy

This skill never stores data locally. All requests go directly to the Freshsales API and results are returned to stdout. Your data stays on Freshsales servers.

Credits

Built by M. Abidi | agxntsix.ai YouTube | GitHub Part of the AgxntSix Skill Suite for OpenClaw agents.

📅 Need help setting up OpenClaw for your business? Book a free consultation

Comments

Loading comments...