ClawHub

Attio

Attio CRM integration for managing companies, people, deals, notes, tasks, and custom objects. Use when working with Attio CRM data, searching contacts, managing sales pipelines, adding notes to records, creating tasks, or syncing prospect information.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
2 · 2k · 2 current installs · 2 all-time installs
bycaptmarbles@capt-marbles
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's name, description, and instructions all describe Attio CRM operations (records, notes, tasks) which is coherent. However, the runtime instructions require an ATTIO_API_KEY and assume an 'attio' CLI is available, while the skill metadata lists no required environment variables and provides no required binaries or install spec — that mismatch is unexpected and incoherent.
!
Instruction Scope
The SKILL.md instructs the agent/user to set ATTIO_API_KEY (including an example echo to ~/.env) and to run the 'attio' CLI for searches and writes. Writing credentials to ~/.env and invoking a CLI are outside the skill metadata (no config paths or binaries declared). The actual API calls are within the stated purpose, but the guidance to modify ~/.env and reliance on an undeclared CLI expand the real scope.
!
Install Mechanism
There is no install specification and no code files (instruction-only), yet the instructions repeatedly call a local 'attio' command-line tool. The skill does not declare that binary as required nor provide an installation method — this is a practical incoherence (the commands may fail) and a transparency gap about what will run on the host.
!
Credentials
The SKILL.md explicitly requires an ATTIO_API_KEY (and even shows how to append it to ~/.env), but the registry metadata listed no required env vars or primary credential. Requesting a single API key for Attio is proportionate to the purpose, but the missing declaration and the instruction to store the key in a file without guidance on scopes/permissions or secure handling is concerning.
Persistence & Privilege
The skill does not request always:true and does not claim other elevated privileges. However, the instructions recommend writing the API key into ~/.env, which is a persistent change to user files. This is not necessarily malicious but should be disclosed and handled securely; the skill metadata does not list this config path.
What to consider before installing
This skill appears to be an Attio CRM helper, but there are several mismatches you should resolve before installing or using it: - The SKILL.md asks for ATTIO_API_KEY and shows echoing it into ~/.env, but the skill metadata lists no required env vars. Ask the publisher to declare ATTIO_API_KEY (and required scopes) explicitly. - The instructions assume an 'attio' CLI is present, yet no required binaries or install steps are provided. Confirm where that CLI comes from and prefer an official install method (e.g., official docs or a vetted package) before running commands. - Avoid blindly running the provided echo >> ~/.env line; storing API keys in files can leak them if the file is world-readable or backed up. Prefer setting the env variable in a secure credential store or add it to a properly permissioned file and understand token scopes and expiry. - Verify the skill's source and homepage (none provided here). If this came from an unknown author, request provenance or a link to official code/docs. If you proceed, only provide a minimally scoped Attio token, confirm the 'attio' CLI origin, and do not run install or file-edit commands until you review them.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk974rp3hc7s24e2vrsv1mmxc6x7zzqyd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Attio CRM

Manage Attio CRM via REST API. Supports companies, people, deals, lists (pipelines), notes, and tasks.

Setup

Set ATTIO_API_KEY in environment or ~/.env:

echo "ATTIO_API_KEY=your_api_key" >> ~/.env

Get your API key: Attio → Workspace Settings → Developers → New Access Token

Quick Reference

Objects (Records)

# List/search records
attio objects list                     # List available objects
attio records list <object>            # List records (companies, people, deals, etc.)
attio records search <object> <query>  # Search by text
attio records get <object> <id>        # Get single record
attio records create <object> <json>   # Create record
attio records update <object> <id> <json>  # Update record

Lists (Pipelines)

attio lists list                       # Show all pipelines/lists
attio entries list <list_slug>         # List entries in a pipeline
attio entries add <list_slug> <object> <record_id>  # Add record to pipeline

Notes

attio notes list <object> <record_id>  # Notes on a record
attio notes create <object> <record_id> <title> <content>

Tasks

attio tasks list                       # All tasks
attio tasks create <content> [deadline]  # Create task (deadline: YYYY-MM-DD)
attio tasks complete <task_id>         # Mark complete

Examples

Find a company and add a note

# Search for company
attio records search companies "Acme"

# Add note to the company (using record_id from search)
attio notes create companies abc123-uuid "Call Notes" "Discussed Q1 roadmap..."

Work with pipeline

# List pipeline stages
attio entries list sales_pipeline

# Add a company to pipeline
attio entries add sales_pipeline companies abc123-uuid

Create a follow-up task

attio tasks create "Follow up with John at Acme" "2024-02-15"

API Limits

  • Rate limit: ~100 requests/minute
  • Pagination: Use limit and offset params for large datasets

Full API Docs

https://docs.attio.com/

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…