ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pans Crm Sync

v1.0.0

AI算力销售 CRM 同步工具。对接 Salesforce 和 HubSpot 双平台, 自动同步客户状态、更新 Pipeline、生成 CRM 报表,支持双向/增量同步 和冲突检测与解决。 触发词:CRM同步, 客户同步, Salesforce, HubSpot, pipeline同步, 客户状态更新, CRM...

0· 53·0 current·0 all-time
by@dashiming

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for dashiming/pans-crm-sync.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Pans Crm Sync" (dashiming/pans-crm-sync) from ClawHub.
Skill page: https://clawhub.ai/dashiming/pans-crm-sync
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pans-crm-sync

ClawHub CLI

Package manager switcher

npx clawhub@latest install pans-crm-sync
Security Scan
Capability signals
Requires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's name/description (Salesforce + HubSpot CRM sync) matches the code and runtime instructions: it queries contacts, updates pipeline stages, and supports sync/query/update operations. Requiring Salesforce username/password/security token and a HubSpot API key is appropriate for this purpose. However, the registry metadata lists no required environment variables or primary credential, which is inconsistent with the SKILL.md and the script.
Instruction Scope
SKILL.md and scripts/crm.py confine actions to interacting with Salesforce and HubSpot APIs, printing results, and optionally writing output JSON to a user-specified file. There are no instructions to read unrelated system files, exfiltrate data to arbitrary endpoints, or perform other out-of-scope actions.
Install Mechanism
There is no formal install spec (instruction-only), which minimizes automatic code installation risk. The README asks users to run pip install simple-salesforce and hubspot-api-client — expected for this functionality but means external packages will be installed at runtime. Those are standard SDKs, not obscure hosts, but pip installs always carry supply-chain risk.
!
Credentials
The code requires sensitive credentials (SALESFORCE_USERNAME, SALESFORCE_PASSWORD, SALESFORCE_SECURITY_TOKEN, HUBSPOT_API_KEY) — appropriate for the stated integrations — but the registry metadata declares no required environment variables or primary credential. This mismatch is an incoherence: the skill will prompt for or expect secrets even though the registry advertises none. Users should be aware and ensure they only provide least-privilege credentials.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does not modify other skills or system-wide settings. Autonomous invocation is permitted (platform default) but not combined with other high-risk flags.
What to consider before installing
This skill appears to do what it says (sync Salesforce and HubSpot), but the registry metadata failing to declare required environment variables is a warning sign — the code expects sensitive credentials (Salesforce username/password/security token and HubSpot API key). Before installing or running: 1) review the full script (you already have it) to confirm there are no hidden endpoints; 2) run it in an isolated environment (or container) and avoid using production/high-privilege credentials — create and use least-privilege API tokens or a test account; 3) be aware you'll need to pip install external SDKs (verify their provenance); 4) consider rotating credentials after use and monitor API/activity logs for unexpected access. If the registry entry will be published, ask the maintainer to update the metadata to list the required env vars so the requirement is transparent.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fp5fqkx0wq66k5y8g874sy985046z
53downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@dashiming
latest
Download

pans-crm-sync

AI算力销售CRM同步工具。对接Salesforce/HubSpot,自动同步客户状态、更新Pipeline、生成CRM报表。

功能

  • 支持 Salesforce 和 HubSpot 双平台
  • 客户数据同步(双向/增量)
  • Pipeline 状态更新
  • CRM 报表生成
  • 冲突检测与解决

安装

# 安装依赖
pip install simple-salesforce hubspot-api-client

# 配置环境变量
export SALESFORCE_USERNAME="your_username"
export SALESFORCE_PASSWORD="your_password"
export SALESFORCE_SECURITY_TOKEN="your_token"
export HUBSPOT_API_KEY="your_api_key"

使用

# 同步客户数据
python scripts/crm.py --sync --platform salesforce

# 更新Pipeline状态
python scripts/crm.py --update --platform hubspot --status "Closed Won"

# 查询客户信息
python scripts/crm.py --query --platform salesforce --email "customer@example.com"

CLI 参数

参数说明
--sync执行同步操作
--update更新记录
--query查询记录
--platform平台选择: salesforcehubspot
--status状态值(用于 --update)
--email邮箱(用于 --query)
--limit查询结果限制

触发词

CRM同步, 客户同步, Salesforce, HubSpot, pipeline同步, 客户状态更新, CRM报表, crm sync

Comments

Loading comments...