ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Salesforce AI Agent Script

v1.0.0

Agent Script DSL for deterministic Agentforce agents. TRIGGER when: user writes or edits .agent files, builds FSM-based agents, uses Agent Script CLI (sf age...

0· 50·0 current·0 all-time
byAnush DSouza@dsouza-anush
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoCan make purchasesRequires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, documentation, example bundles, and included validator scripts align with an authoring/validation helper for Salesforce Agent Script. There are no unrelated environment variables, binaries, or remote install steps requested.
Instruction Scope
SKILL.md focuses on authoring, validation, CLI workflows (sf agent validate/preview/publish) and guidance for .agent files. This is in-scope. A static scanner flagged a prompt-injection pattern within SKILL.md (see scan_findings_in_context); the visible instructions do not otherwise ask for unrelated system secrets or to exfiltrate files, but you should review the skill text and any templates for embedded instructions that try to override or redirect agent behavior.
Install Mechanism
No install spec is present (instruction-only), and there are no download/extract steps or external package installs. The repository includes two Python validator scripts and many documentation files; including code in the skill bundle is reasonable for linting/validation but review those scripts before running locally.
Credentials
The skill declares no required environment variables or credentials. It references Salesforce CLI commands and Named Credentials (typical for Salesforce deployments) which require regular Salesforce auth flows — appropriate for the described functionality and not requested directly by the skill.
Persistence & Privilege
Flags show always:false and normal model invocation allowed. agents/openai.yaml sets allow_implicit_invocation: true which means the skill may be implicitly invoked by platform triggers (e.g., when editing .agent files) — this is consistent with the stated trigger rules but you should confirm implicit invocation behavior meets your policies.
Scan Findings in Context
[prompt-injection:ignore-previous-instructions] unexpected: A regex scanner found the token 'ignore-previous-instructions' in SKILL.md content. This is not expected for a documentation/validation skill and could be a benign artifact (instruction examples, warnings, or false positive). Treat it as a prompt-injection signal to review SKILL.md for any lines that attempt to override platform or agent safety instructions.
Assessment
This skill appears to be what it says: documentation, patterns, and local validators for Salesforce Agent Script authoring. Before installing or running it: 1) Manually inspect the two Python scripts (hooks/scripts/agentscript-syntax-validator.py and scripts/validate-asset-profiles.py) and any other executable files for unexpected network calls or code that runs arbitrary shell commands. 2) Confirm how your platform treats allow_implicit_invocation and triggers so the skill doesn't run automatically in contexts you don't expect. 3) Use normal Salesforce auth flows for CLI commands; do not paste long-lived secrets into skill configuration. 4) Because a prompt-injection pattern was flagged in SKILL.md, quickly scan the skill documentation for any content that attempts to instruct the agent to ignore previous safety instructions or to exfiltrate files/credentials; remove or sandbox any such lines. If you want, I can extract and show the contents of the two Python scripts and the relevant SKILL.md sections flagged for manual review.
!
references/fsm-architecture.md:393
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk974pzxc246xprbxnc7779d0kn84hpw0salesforcevk974pzxc246xprbxnc7779d0kn84hpw0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments