ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Customer Success Manager

v2.1.1

Monitors customer health, predicts churn risk, and identifies expansion opportunities using weighted scoring models for SaaS customer success. Use when analy...

0· 839·4 current·4 all-time
byAlireza Rezvani@alirezarezvani
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, description, and included files line up: three Python tools plus templates for CSM workflows are appropriate for a Customer Success Manager skill. Minor inconsistencies: SKILL metadata in the registry claims version 2.1.1 while SKILL.md lists version 1.0.0; SKILL.md instructs using Python but the skill declares no required binary (python) in the registry. These are likely quality-control issues but worth fixing.
!
Instruction Scope
SKILL.md instructs running three Python CLI scripts on JSON input only (no network calls claimed). However, the references/playbooks contain a glaring contradiction: health_score_calculator classifies 75–100 as Green (healthy), while the playbook labels 'Critical Risk' as score 80–100 and prescribes immediate escalation. That conflict could cause dangerous, incorrect operational actions. Also, the provided listing did not include the full contents of the three scripts in the materials shown here, so I could not confirm they contain only standard-library logic or lack hidden endpoints—you should review those files for outbound network calls or environment-var access before running on sensitive data.
Install Mechanism
No install script is provided (instruction-only install), which minimizes supply-chain risk. Files are included in the skill bundle and are intended to be executed with an on-host Python interpreter; no external packages or downloaded archives are declared. The only missing declaration is that Python is required—SKILL.md notes Python 3.7+, but the registry's required-binaries list is empty.
Credentials
Skill requires no environment variables or credentials, which fits a local scoring tool. However, SKILL.md claims 'standard library only' but the scripts themselves were not shown in full here; verify the scripts do not read unexpected environment variables or access configuration paths. Also add a declared 'python' binary requirement to the metadata to remove ambiguity.
Persistence & Privilege
The skill is not always-enabled, and it does not request elevated persistence or system-wide configuration changes in the instructions. Nothing in SKILL.md asks the agent to modify other skills or global agent settings.
What to consider before installing
This skill appears to implement what it claims (health scoring, churn prediction, expansion scoring) and includes relevant templates, but I found important inconsistencies and unknowns to check before installing or running on real customer data: 1) Fix the metadata quality issues: declare Python as a required binary and reconcile the version fields. 2) Investigate the mismatch between health score ranges and the risk-playbook ranges (health: 75–100 = Green/Healthy vs. playbook: 80–100 = Critical Risk). Confirm which numeric scale is authoritative so you don't trigger the wrong interventions. 3) Review the three Python scripts (health_score_calculator.py, churn_risk_analyzer.py, expansion_opportunity_scorer.py) yourself or have a developer inspect them for any network calls, environment-variable reads, or external process execution — SKILL.md asserts 'no API calls' but I could not verify the script internals from the provided content. 4) Test locally with the included sample_customer_data.json and review outputs (JSON mode) before integrating into any pipelines; run them in an isolated environment or container if you have sensitive data. If you want, I can (a) inspect the full contents of the three scripts for suspicious patterns, or (b) produce a short checklist/tests to run safely when first executing the skill.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cpmw5hevw14tgfx94n4t8dx82pm2f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments