Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
CRM Engine
v1.0.0
Full CRM with accounts, leads, deals, contacts, pipelines, and work orders — built for AI agents.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The name/description match the SKILL.md: endpoints cover accounts, leads, deals, contacts, pipelines, and work orders. The declared gateway URL aligns with the stated API-based CRM purpose, and there are no unrelated binaries, installs, or env vars requested.
Instruction Scope
SKILL.md only instructs calling specific HTTP endpoints at the listed gateway, which is in scope for a CRM. However, the payment requirement (x402 / USDC on Base L2) is underspecified: there are no instructions for how to initiate or sign payments, no contract/address info, and no auth token flow. That vagueness could cause an agent to prompt for wallet credentials or private keys, or to attempt automated on-chain payments without clear guardrails. The skill also transmits potentially sensitive CRM data to an external gateway of unknown provenance.
Install Mechanism
Instruction-only skill with no install spec and no code files — minimal local surface area and nothing is written to disk by an installer.
Credentials
No environment variables or credentials are requested, which is consistent with a pay-per-call API. But because payment is required, real-world integration will likely require a wallet or signing mechanism, which is not declared. The absence of declared credentials leaves the payment/authentication model unclear, and that operational ambiguity is disproportionate for a skill of this kind.
Persistence & Privilege
The skill is not always-on and is user-invocable (normal). However, the platform-default allowance for autonomous invocation combined with a pay-per-call API increases risk: an autonomous agent could make repeated paid calls (or attempt payments) unless agent autonomy is constrained.
What to consider before installing
This skill appears to be a legitimate API-driven CRM, but there are important unknowns you should resolve before enabling it:
- Gateway trust: the skill points to https://gateway.mcfagentic.com. Verify the operator, privacy policy, and SLA. Do not send real customer data until you trust the endpoint.
- Payment flow: the SKILL.md says calls require x402 (USDC on Base). Ask the author for explicit instructions: smart contract addresses, how to include payment in requests, and whether the skill will ever ask for private keys or wallet seed phrases. Never provide private keys or seed phrases to the agent or skill.
- Test with limits: if you enable it, run tests with synthetic data and the smallest possible payment or a sandbox environment. Monitor and limit spend (rate limits, daily caps) if possible.
- Restrict autonomy: consider disabling autonomous invocation or requiring explicit user approval for actions that may incur cost. Log and review every outbound call until you're confident.
- Data protection: the skill will send PII (contacts, emails) to the external gateway; ensure this is acceptable under your privacy/compliance rules.
If the vendor cannot clearly document the payment/auth flow and provide verifiable identity for the gateway, treat the integration as high risk and avoid enabling it for production data.
