v1.0.0

Salesforce Skill

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 4:53 AM.

Analysis

This Salesforce administration skill is coherent with its purpose, but it deserves review because it can use Salesforce credentials, expose tokens, and make broad changes to CRM data and metadata.

GuidanceInstall this only if you intend to let the agent administer Salesforce. Use a sandbox or least-privilege account where possible, set the target org explicitly, avoid exposing tokens or SFDX auth URLs, and require explicit approval before any create, update, delete, bulk import/export, Apex execution, metadata deployment, or raw REST API action.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityHighConfidenceHighStatusConcern

SKILL.md

create/update/delete records, bulk import/export, execute Apex, deploy metadata, and make raw REST API calls

These are high-impact Salesforce operations that can modify or delete business data, move large datasets, run server-side code, change metadata, or bypass safer scoped workflows through raw API calls.

User impactIf invoked against the wrong org or with an overly privileged account, the skill could alter production CRM data, export customer records, run Apex, or deploy metadata changes.

RecommendationUse a least-privilege Salesforce account, prefer sandboxes for testing, set the target org explicitly, and require explicit user approval for create, update, delete, bulk, Apex, deploy, and raw REST operations.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

install spec

node | package: @salesforce/cli | creates binaries: sf

The skill depends on installing the external Salesforce CLI npm package. This is expected for the skill's purpose, but users should recognize that the installed CLI becomes the authority used for Salesforce access.

User impactThe trust boundary includes the locally installed Salesforce CLI and its npm distribution.

RecommendationInstall the Salesforce CLI from the official Salesforce source, keep it updated, and verify the binary before authenticating to sensitive orgs.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityHighConfidenceHighStatusConcern

SKILL.md

Display info about the default org (access token, instance URL, username) ... Display with SFDX auth URL (sensitive - contains refresh token)

The instructions explicitly document commands that can reveal active Salesforce access credentials, including refresh-token-bearing auth URLs.

User impactSalesforce tokens exposed in command output could give access to the connected org and may appear in the assistant transcript, terminal output, or copied files.

RecommendationAvoid asking the agent to display verbose org auth details unless necessary, treat all auth URLs and tokens as secrets, revoke exposed tokens, and authenticate with the minimum Salesforce permissions needed.