Back to skill
Skillv1.0.0
VirusTotal security
Salesforce Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:06 AM
- Hash
- e54a598fbc1aea4d16a2226186ab429c9422db4e0ffc0b7c94f94387da72a572
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: salesforce Version: 1.0.0 The skill provides extensive and high-risk capabilities for interacting with Salesforce, including executing arbitrary Apex code, making raw REST/GraphQL API calls, and performing bulk data operations (create, update, delete) via the `sf` CLI. While the `SKILL.md` includes explicit guardrails instructing the AI agent to seek user confirmation for destructive actions, the inherent power of these commands (e.g., `sf apex run`, `sf api request rest`) means that a compromised agent or a malicious user could cause significant harm. There is no clear evidence of intentional malicious behavior or prompt injection designed to bypass these guardrails within the skill's definition itself, but the broad permissions and powerful actions classify it as suspicious.
- External report
- View on VirusTotal