ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GHL CRM Pro

GoHighLevel CRM integration — manage contacts, pipelines, conversations (SMS/email/WhatsApp), calendars, appointments, and workflows through the GHL API v2....

MIT-0 · Free to use, modify, and redistribute. No attribution required.
2 · 561 · 0 current installs · 0 all-time installs
by@aiwithabidi
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
Name/description match the code: this is a GoHighLevel API wrapper. However the declared metadata lists only GHL_API_KEY as a required env, while both SKILL.md and the included Python script require GHL_LOCATION_ID as well. That mismatch is incoherent and would cause runtime failures or surprising behavior if the agent assumes only one credential is needed.
Instruction Scope
SKILL.md gives concrete CLI usage that maps to functions in scripts/ghl_api.py and limits network traffic to the documented GHL base URL. The instructions do not ask the agent to read unrelated system files or transmit data to third‑party endpoints beyond services.leadconnectorhq.com. Note: the Quick Start and script both require setting GHL_LOCATION_ID, which is not listed in the declared requires.env metadata.
Install Mechanism
No install spec (instruction-only skill) and the included Python file is straightforward. No downloads or external installers are invoked. This is a lower install risk.
!
Credentials
The skill declares a single required env (GHL_API_KEY / primary credential) but the runnable script enforces both GHL_API_KEY and GHL_LOCATION_ID. Requiring an API key is appropriate for this integration, but the missing declared GHL_LOCATION_ID is a proportionality/information inconsistency. Also the skill's source is unknown (homepage provided but owner is unverified), so handing over a long‑lived GHL private integration token to this third party warrants caution.
Persistence & Privilege
always is false, no special persistence or system config paths are requested, and the skill does not attempt to modify other skills or system settings. Autonomous invocation is allowed (platform default) but is not combined with other high‑risk privileges here.
What to consider before installing
This skill appears to be a legitimate GoHighLevel API wrapper, but there are two things to check before installing: (1) Metadata mismatch — the skill metadata only lists GHL_API_KEY, but both the SKILL.md Quick Start and the included script require GHL_LOCATION_ID as well. If you install and only provide the API key the script will exit. (2) Source trust — the skill's owner and source are not clearly verified; the homepage is provided but the package origin is unknown. Do not supply your primary/production GHL API key without considering scope and rotation: create a private integration token with minimal scopes or a test sub‑account/location token, verify the homepage/author, and review scripts/ghl_api.py yourself. If you proceed, limit the token scopes, rotate the token afterward, and run the skill in a controlled environment. If you want, I can point out the exact lines in scripts/ghl_api.py related to the GHL_LOCATION_ID requirement or help craft a least‑privilege token creation checklist.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
agxntsixvk97ctg31mr4jcmsm13f40fk7d1816j7xlatestvk97ctg31mr4jcmsm13f40fk7d1816j7x

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📞 Clawdis
EnvGHL_API_KEY
Primary envGHL_API_KEY

SKILL.md

GHL CRM — GoHighLevel Integration for OpenClaw

Complete GoHighLevel CRM integration. Manage contacts, pipelines, conversations, appointments, and workflows through the GHL API v2.

Quick Start

export GHL_API_KEY="your-private-integration-token"
export GHL_LOCATION_ID="your-location-id"
python3 {baseDir}/scripts/ghl_api.py contacts search "john@example.com"

Authentication

GHL uses Private Integration Tokens (API v2). Get yours from:

  1. Go to Settings → Integrations → Private Integrations in your GHL sub-account
  2. Create a new integration, enable the scopes you need
  3. Copy the API key — this is your GHL_API_KEY

The GHL_LOCATION_ID is your sub-account/location ID (found in Settings → Business Info or the URL).

Base URL: https://services.leadconnectorhq.com

Auth header: Authorization: Bearer <GHL_API_KEY> + Version: 2021-07-28

Available Commands

Contact Management

# Search contacts by email, phone, or name
python3 {baseDir}/scripts/ghl_api.py contacts search "query"

# Get contact by ID
python3 {baseDir}/scripts/ghl_api.py contacts get <contactId>

# Create a new contact
python3 {baseDir}/scripts/ghl_api.py contacts create '{"firstName":"John","lastName":"Doe","email":"john@example.com","phone":"+15551234567"}'

# Update contact
python3 {baseDir}/scripts/ghl_api.py contacts update <contactId> '{"tags":["vip","hot-lead"]}'

# Delete contact
python3 {baseDir}/scripts/ghl_api.py contacts delete <contactId>

# List contacts (with optional limit)
python3 {baseDir}/scripts/ghl_api.py contacts list --limit 20

Pipeline & Opportunity Management

# List all pipelines
python3 {baseDir}/scripts/ghl_api.py pipelines list

# List opportunities in a pipeline
python3 {baseDir}/scripts/ghl_api.py opportunities list <pipelineId>

# Get opportunity details
python3 {baseDir}/scripts/ghl_api.py opportunities get <opportunityId>

# Create opportunity
python3 {baseDir}/scripts/ghl_api.py opportunities create '{"pipelineId":"...","stageId":"...","contactId":"...","name":"Deal Name","monetaryValue":5000}'

# Update opportunity (move stage, update value)
python3 {baseDir}/scripts/ghl_api.py opportunities update <opportunityId> '{"stageId":"new-stage-id","status":"won"}'

# Delete opportunity
python3 {baseDir}/scripts/ghl_api.py opportunities delete <opportunityId>

Conversations (SMS, Email, WhatsApp)

# List recent conversations
python3 {baseDir}/scripts/ghl_api.py conversations list

# Get conversation messages
python3 {baseDir}/scripts/ghl_api.py conversations get <conversationId>

# Send SMS
python3 {baseDir}/scripts/ghl_api.py conversations send-sms <contactId> "Hello! Following up on our call."

# Send email
python3 {baseDir}/scripts/ghl_api.py conversations send-email <contactId> '{"subject":"Follow Up","body":"<p>Hi there!</p>","emailFrom":"you@domain.com"}'

Calendar & Appointments

# List calendars
python3 {baseDir}/scripts/ghl_api.py calendars list

# Get free slots
python3 {baseDir}/scripts/ghl_api.py calendars slots <calendarId> --start 2026-02-16 --end 2026-02-17

# Create appointment
python3 {baseDir}/scripts/ghl_api.py appointments create '{"calendarId":"...","contactId":"...","startTime":"2026-02-16T10:00:00Z","endTime":"2026-02-16T10:30:00Z","title":"Discovery Call"}'

# List appointments
python3 {baseDir}/scripts/ghl_api.py appointments list <calendarId>

# Update appointment
python3 {baseDir}/scripts/ghl_api.py appointments update <appointmentId> '{"status":"confirmed"}'

# Delete appointment
python3 {baseDir}/scripts/ghl_api.py appointments delete <appointmentId>

Workflows

# Add contact to workflow
python3 {baseDir}/scripts/ghl_api.py workflows add-contact <workflowId> <contactId>

# Remove contact from workflow  
python3 {baseDir}/scripts/ghl_api.py workflows remove-contact <workflowId> <contactId>

Key API Endpoints Reference

ResourceMethodEndpoint
Search contactsGET/contacts/search?query=...&locationId=...
Get contactGET/contacts/{id}
Create contactPOST/contacts/
Update contactPUT/contacts/{id}
List pipelinesGET/opportunities/pipelines?locationId=...
List opportunitiesGET/opportunities/search?location_id=...&pipeline_id=...
Create opportunityPOST/opportunities/
List conversationsGET/conversations/search?locationId=...
Send messagePOST/conversations/messages
List calendarsGET/calendars/?locationId=...
Get free slotsGET/calendars/{id}/free-slots?startDate=...&endDate=...
Create appointmentPOST/calendars/events/appointments

Rate Limits

GHL API v2 enforces rate limits:

  • General: 100 requests/10 seconds per location
  • Bulk operations: 10 requests/10 seconds
  • The script auto-retries on 429 with exponential backoff (up to 3 retries)

Integration Patterns

Lead Capture → CRM Pipeline

  1. Capture lead via form/chatbot
  2. contacts create with lead data
  3. opportunities create to add to pipeline
  4. workflows add-contact to trigger nurture sequence

Appointment Booking Flow

  1. calendars list to find the right calendar
  2. calendars slots to get availability
  3. appointments create to book the slot
  4. GHL auto-sends confirmation via configured workflow

Follow-Up Automation

  1. conversations list to find unresponded conversations
  2. contacts get for context
  3. Generate follow-up with AI
  4. conversations send-sms or send-email

Credits

Built by M. Abidi | agxntsix.ai YouTube | GitHub Part of the AgxntSix Skill Suite for OpenClaw agents.

📅 Need help setting up OpenClaw for your business? Book a free consultation

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…