ClawHub

GoHighLevel CRM Automation

v1.3.0

Full read/write access to GoHighLevel CRM via API v2. Contacts, conversations, notes, opportunities, calendars, tags, tasks, forms, workflows, payments, and...

0· 150·0 current·0 all-time
bySetupClaw.tech@brianxmacdonald
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description promise full read/write access to GoHighLevel; the skill requires GHL_API_KEY and GHL_LOCATION_ID and exposes commands for contacts, conversations, notes, opportunities, calendars, tags, forms, workflows trigger, payments/invoices, etc. The requested scopes in the README match the operations the CLI implements.
Instruction Scope
SKILL.md instructs the agent to call the included Python CLI and to set two environment variables. The documented runtime steps (search contact, read convo, send reply, add note) are proportional to the described real-time CRM automation purpose. The only references to local files are example shell commands that grep ~/.openclaw/.env to export variables—these are convenience instructions, not hidden reads of unrelated system state.
Install Mechanism
There is no install spec; the skill is instruction + a single Python script. The script uses only Python standard library modules (urllib, json, etc.) and does not download or extract external code. This is a low-risk install footprint.
Credentials
Only two environment values are required: the GHL API key (primary credential) and a Location ID. These are exactly what a full-featured GoHighLevel integration would need. The SKILL.md explicitly instructs to create a Private Integration and enable matching scopes, which is coherent with provided features.
Persistence & Privilege
The skill does not request always: true and does not modify other skills or system-wide settings. It runs as a user-invocable tool and uses only environment variables; it does not persist credentials to disk itself.
Assessment
This skill appears to be what it says: a Python CLI for full GHL API access. Before installing, review these practical items: 1) Principle of least privilege — when creating the Private Integration, enable only the scopes you actually need (consider a read-only token for testing). 2) SMS/communications risk — the skill can send messages; restrict message-sending scopes and require human approval for bulk sends. 3) Secret handling — follow secure storage for GHL_API_KEY (avoid committing ~/.openclaw/.env to source control) and rotate the key if you test on ephemeral or untrusted systems. 4) Vendor/source verification — the package's source is listed as unknown and homepage points to setupclaw.tech; if this will run in production, verify the vendor and review scripts/ghl_api.py fully (you already have the code) or run in an isolated environment first. If you want extra assurance, run the CLI in a test GHL account with limited scopes before connecting it to production data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97crd76tpc8cgpdctsj5kcps583ngad

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3
EnvGHL_API_KEY, GHL_LOCATION_ID
Primary envGHL_API_KEY

Comments