Pipedrive CRM (OpenClaw)

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

OpenClaw could make real changes to Pipedrive CRM data when given a valid token.

Why it was flagged

The skill can create, update, delete, and send raw Pipedrive API requests. This is disclosed and purpose-aligned for CRM administration, but mistakes or ambiguous prompts could modify business records.

Skill content

`create <entity> <json_payload>` ... `update <entity> <id> <json_payload>` ... `delete <entity> <id>` ... `request <METHOD> <path>`

Recommendation

Use explicit user approval for create, update, delete, and raw request actions, especially bulk or destructive operations.

What this means

Actions run with the permissions of the supplied Pipedrive token or OAuth access token.

Why it was flagged

The skill requires Pipedrive credentials to operate. This is expected for the stated CRM integration, but those credentials determine what account data the agent can access or change.

Skill content

`PIPEDRIVE_API_TOKEN` for API token auth ... `PIPEDRIVE_ACCESS_TOKEN` for OAuth bearer auth

Recommendation

Use the least-privileged Pipedrive credential available, keep tokens out of chat, and rotate/revoke them if no longer needed.