Client Relationship Manager
v1.0.1
Lightweight AI-native CRM for solopreneurs and freelancers. Track clients, relationships, follow-ups, deal stages, and interaction history in plain text file...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (a plain-text-file CRM for solopreneurs) matches the instructions: create crm/ tree, maintain client files, pipeline.md, follow-ups.md, and have the agent read/update those files. There are no unrelated required binaries, env vars, or install steps. One note: the SKILL.md recommends adding a CRM protocol to AGENTS.md or the system prompt — that recommendation expands the skill's operational scope beyond simple file manipulation (see instruction_scope).
Instruction Scope
Most runtime instructions are appropriate for a text-file CRM (read/write files in crm/, prepare briefs, generate summaries). However, the SKILL.md explicitly instructs the user to add a persistent CRM protocol to AGENTS.md or the system prompt, which effectively modifies agent/system-level instructions and can override or steer the agent's behavior across contexts. The pre-scan flagged a 'system-prompt-override' pattern in the SKILL.md. That standing instruction is out-of-band for a file-based CRM and is a notable prompt-injection/persistence risk.
Install Mechanism
No install spec and no code files — instruction-only skill. This minimizes installation risk because nothing is downloaded or written by an installer. The runtime surface is the text instructions the agent follows and the workspace files it reads/writes.
Credentials
The skill requests no environment variables, credentials, or config paths (proportionate for a local text-file CRM). That said, the guidance to add the CRM Protocol into AGENTS.md or the system prompt effectively asks you to change agent configuration (a privileged location). While no secrets are requested, modifying agent prompts/config is a sensitive action and should be treated like granting elevated, persistent behavior to the agent.
Persistence & Privilege
Metadata shows always:false and no autonomous-disable flag, which is normal. But the SKILL.md asks the user to add persistent instructions to AGENTS.md or the system prompt, which gives skill-like behaviour permanence outside the normal skill registry controls. This increases blast radius because those instructions can affect all future agent interactions; combined with the detected prompt-override pattern, this is the main risk factor.
Scan Findings in Context
[system-prompt-override] unexpected: The SKILL.md explicitly tells the user to add a 'CRM Protocol' into AGENTS.md or the system prompt so the agent will follow rules when managing clients. Asking users to add standing instructions to the system prompt is not necessary for a file-based CRM and looks like a prompt-override pattern the scanner flagged.
What to consider before installing
This skill otherwise appears coherent for managing plain-text CRM files, but do NOT blindly paste the provided 'CRM Protocol' into your system prompt or global AGENTS.md. Adding standing instructions to the system prompt effectively gives persistent control over your agent's behavior and can be abused. Safer steps: (1) Keep the CRM files in a dedicated workspace and only grant the agent file read/write rights for that directory; (2) use per-invocation user prompts (e.g., ask the agent to 'follow CRM protocol for this task') instead of modifying the global system prompt; (3) require manual confirmation before any file write (the SKILL.md already recommends this, so keep it); (4) avoid storing secrets (passwords, API keys, payment details) in the CRM files; (5) verify the skill source/author before trusting long-term use (the registry metadata lacks a homepage and repo link, so inspect the origin or test in an isolated sandbox first). If you want higher assurance, ask the publisher for a canonical repo or signed release you can review.
Like a lobster shell, security has layers — review code before you run it.
latestvk972wax5fp9stnjp4934dj1xw582gjxg
