CordysCRM
Advisory. Audited by static analysis on May 9, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overbroad raw command could access or change CRM business data using the user's API keys.
The raw command accepts an arbitrary HTTP method, path, and extra curl arguments, then sends the Cordys API credentials with that request. The artifacts do not restrict raw calls to read-only operations or require review before potentially mutating CRM data.
raw <method> <path> [curl args...] ... curl -s -X "$method" "$url" -H "X-Access-Key: ${CORDYS_ACCESS_KEY}" -H "X-Secret-Key: ${CORDYS_SECRET_KEY}" ... "$@"
Disable raw access by default, restrict it to safe read-only methods, and require explicit user confirmation for POST/PUT/PATCH/DELETE or any custom endpoint.
The assistant may query team or department-level CRM data when a least-privilege personal view would be safer.
When the user's role cannot be identified, the skill defaults to a sales-manager profile explicitly described as broader in scope, rather than failing closed or asking for confirmation.
# Fallback: default to manager mode when the role cannot be identified (broad permission coverage)
else:
    role = "sales-manager"
Default unknown users to the least-privileged role, or ask the user to confirm their role before using manager-level filters or views.
Users may not receive an install-time warning that API credentials are required.
The formal metadata shown in the review says no credentials are required, while the skill files declare CORDYS_ACCESS_KEY, CORDYS_SECRET_KEY, and CORDYS_CRM_DOMAIN. The credential use is purpose-aligned, but registry-level disclosure appears incomplete.
Required env vars: none ... Primary credential: none
Update the registry metadata to declare the required Cordys environment variables and sensitive credential requirement.
Local User.md may contain personal work identity details and may affect what data the assistant chooses to retrieve later.
The skill stores user identity and role context locally and reuses it for later role-based filtering and output. This is disclosed and purpose-aligned, but it creates persistent context that can become stale or influence future queries.
cordys.sh crm whoami ... write the result to User.md to persist the user's identity ... more than 7 days since creation | refresh silently in the background (without disturbing the user)
Document where User.md is stored, provide a clear reset/delete command, and refresh or overwrite it only with user awareness.
A compromised .env file in the skill directory could run shell commands when the CLI is used.
The shell CLI loads .env by sourcing it, which is convenient for credentials but can execute shell syntax if that file is malicious or tampered with.
if [[ -f "$ENV_FILE" ]]; then
    set -a
    source "$ENV_FILE"
    set +a
fi
Keep the .env file private and trusted, or replace shell sourcing with a safer key-value parser.
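The safer key-value parser the recommendation refers to, written here as an added illustration rather than the skill's own code: it exports NAME=value lines as data and never evaluates them, so the command substitution and bare command in the constructed sample .env below stay inert. The placeholder credential values, the INJECTED line and the sample file are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the skill or the ClawScan report: a .env loader
# that reads KEY=VALUE lines as data instead of `source`-ing them as code.
# With `source`, a line such as  KEY=$(some command)  runs the command; here
# the value is exported verbatim and never evaluated.

# load_env_safely FILE: export well-formed NAME=value lines; count the rest in REJECTED.
load_env_safely() {
    REJECTED=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;                          # blank line or comment
            *=*) ;;                                       # candidate assignment
            *) REJECTED=$((REJECTED + 1)); continue ;;    # bare command, not data
        esac
        key=${line%%=*}
        value=${line#*=}
        # the key must be a plain identifier: letters, digits, underscore
        case "$key" in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) REJECTED=$((REJECTED + 1)); continue ;;
        esac
        # strip one pair of surrounding quotes, but expand nothing inside them
        case "$value" in
            \"*\") value=${value#\"}; value=${value%\"} ;;
            \'*\') value=${value#\'}; value=${value%\'} ;;
        esac
        export "$key=$value"
    done < "$1"
}

# Constructed sample .env: the skill's three variables with placeholder values,
# plus two lines that `source` would have executed.
SAMPLE_ENV=$(mktemp)
cat > "$SAMPLE_ENV" <<'EOF'
# Cordys credentials (constructed placeholders)
CORDYS_ACCESS_KEY=ak_placeholder
CORDYS_SECRET_KEY="sk_placeholder"
CORDYS_CRM_DOMAIN=crm.example.com
INJECTED=$(echo would-run-under-source)
echo this-line-would-run-under-source
EOF

load_env_safely "$SAMPLE_ENV"
rm -f "$SAMPLE_ENV"
printf 'loaded domain %s, rejected %d line(s)\n' "$CORDYS_CRM_DOMAIN" "$REJECTED"
```

The INJECTED value survives as the literal string `$(echo would-run-under-source)`, and the bare `echo` line is counted and dropped instead of running.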
