Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Salesforce Reporting Copilot

v1.0.0

Generate a Salesforce report blueprint from real org metadata. Use this skill when someone asks to build a report in Salesforce, understand how to query thei...

by Benjamin Reynolds (@breynol01)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md exclusively uses the 'sf' CLI to list orgs, describe sobjects, run SOQL, and pull report types. Requiring the 'sf' binary is appropriate and proportional.
Instruction Scope
Instructions tell the agent to run sf commands against whatever org the local CLI is authenticated to and to read/write describe/query outputs (e.g., saving describe JSON to a file). The instructions do not reference unrelated files, env vars, or external endpoints, but they will access live org metadata and potentially record query output — ensure explicit user consent before running against sensitive/production orgs.
Install Mechanism
No install spec or downloaded code — instruction-only skill. This is the lowest install risk: nothing is written to disk by the skill itself beyond what the 'sf' CLI user commands do.
Credentials
The skill requests no environment variables or credentials in its metadata, which is appropriate. However, it depends on the local 'sf' CLI authentication (which stores tokens/config on disk). The agent will act with whatever org access the CLI has — verify the intended target org and that the CLI auth is least-privilege.
Persistence & Privilege
always is false and the skill does not declare elevated persistence or request modification of other skills or global agent config. Model invocation is allowed (normal); consider user policies if you do not want autonomous agent runs to execute CLI commands against orgs without explicit approval.
Assessment
This skill appears to do what it says: it runs Salesforce CLI commands to inspect an org and build a report blueprint. Before installing/using it: (1) ensure 'sf' is installed from an official source and you understand which org alias the CLI is authenticated to; (2) do not run the skill against production or sensitive orgs without explicit approval — queries and describe outputs can expose metadata and data; (3) confirm the agent will not forward query results to external services you don't trust; (4) if you want to limit risk, disable autonomous invocation or require explicit user confirmation before running commands that access orgs; (5) review any output files (e.g., saved describe JSON) for sensitive fields before sharing.

Runtime requirements

📊 Clawdis
Bins: sf

SKILL.md

Salesforce Reporting Copilot

Generate a Report Blueprint from real Salesforce org metadata. Given an org and a reporting question, map the right objects, fields, and relationships — then produce a blueprint you can build in Salesforce Report Builder immediately.

Workflow

Step 1 — Authenticate and pull org metadata

# Verify CLI auth
sf org list

# Pull object list
sf sobject list --target-org <alias>

# Describe a specific object (fields, relationships, picklists)
sf sobject describe --sobject <ObjectName> --target-org <alias>

# Pull report types available in the org
sf data query --query "SELECT Id, Name, BaseObject FROM ReportType LIMIT 200" --target-org <alias>

See references/cli-reference.md for full command patterns, flags, and troubleshooting.

Step 2 — Map the reporting question to objects

Given the user's question (e.g. "I want to see which volunteers are missing certifications"):

  1. Identify the primary object (the thing being counted or filtered)
  2. Identify related objects needed via lookup/master-detail joins
  3. Note any formula fields or rollup summaries that pre-aggregate the data
  4. Flag any missing fields or relationships that would require a new custom field

See references/object-mapping.md for common Salesforce object patterns and report type selection guidance.

Step 3 — Produce the Report Blueprint

Output a structured blueprint:

## Report Blueprint: [Question]

**Report Type:** [Standard or custom report type name]
**Primary Object:** [e.g. Contact]
**Related Objects:** [e.g. Account (lookup), Certification__c (child)]

### Columns
| Field Label | API Name | Object | Notes |
|---|---|---|---|
| Full Name | Name | Contact | |
| Certification Status | Certification_Status__c | Certification__c | May need custom field |

### Filters
- [Field]: [Operator] [Value]

### Grouping / Summary
- Group by: [Field]
- Summary: [Count/Sum/etc.]

### Gaps / Blockers
- [Any missing fields, permissions, or relationships]

Constraints

  • Run sf sobject describe before making field claims — never assume field API names
  • If the user's question can't be answered with existing fields, say so clearly and suggest what needs to be built
  • Do not fabricate object or field names; always pull from live org metadata
  • If the user has no SF CLI auth configured, walk them through sf org login web first (see references/cli-reference.md)
