Workcrm
PassAudited by ClawScan on May 1, 2026.
Overview
WorkCRM appears to be a coherent local CRM that drafts changes, requires a confirmation token before committing records, and stores CRM data locally.
This looks safe for a local CRM use case. Before installing, understand that it keeps CRM records and draft/audit data in a local SQLite database, and that replying `记` commits the current draft.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Replying with the confirmation token commits the proposed activity or task into the local CRM database.
The engine can create local CRM activities or tasks after the pending draft is confirmed, which is the stated purpose but still changes local records.
if pa.kind == "log":
res = r.log_activity(...)
...
if pa.kind == "task":
res = r.create_task(...)Review each draft before replying `记`; reply `不记` if the proposed record should not be saved.
Business or personal CRM information may remain on disk in the local SQLite database.
The local database can retain contact details and draft payloads, including rejected or pending drafts, as part of the CRM audit workflow.
CREATE TABLE IF NOT EXISTS contact (... email TEXT, phone TEXT, wechat TEXT ...); ... CREATE TABLE IF NOT EXISTS draft (... preview TEXT NOT NULL, payload TEXT NOT NULL ...)
Protect the local database location, avoid entering information you do not want retained, and delete or back up the database according to your privacy needs.