Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Sales AI Agent Starter
v1.0.0
Designs, builds, and deploys custom AI agents for sales, customer service, and operations, integrating with business workflows and CRM systems.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md describes building/deploying agents (which plausibly could use node tooling), but the registry metadata lists no required binaries/env while the SKILL.md's embedded metadata declares a node requirement and an install of a package named 'clawhub'. That internal inconsistency is unexplained and reduces trust in the declared surface area.
Instruction Scope
The human-readable instructions remain within the stated purpose (discovery, design, build, deploy phases) and do not explicitly tell the agent to read unrelated system files or exfiltrate data. However, they repeatedly reference integrating with CRMs and other services without declaring how credentials or data access will be requested/used, which is vague and could lead to ad-hoc credential collection at runtime.
Install Mechanism
There is no install spec in the registry metadata, but SKILL.md includes an install block that would install an npm-like package 'clawhub' (kind: 'node'). Installing packages from external package registries can execute arbitrary code; 'clawhub' has no provenance (no homepage/source provided). This mismatch and lack of verifiable source is a risk.
Credentials
The registry lists no required environment variables or credentials, but the skill claims integrations with CRMs (HubSpot, Salesforce), Slack, and other services — all of which require credentials. The skill does not declare what secrets it will request or how they will be stored, creating a gap between claimed functionality and declared credential requirements.
Persistence & Privilege
The skill is not marked always:true and does not request elevated persistent privileges. It's user-invocable and allows autonomous invocation (platform default), which is expected for an integration skill.
What to consider before installing
This skill's goal (build/deploy sales/customer agents) is reasonable, but there are warning signs you should resolve before installing or running it:
- Ask the author for provenance: where does the 'clawhub' package come from? Provide a homepage/GitHub/NPM link and a README. Do not install packages from unknown sources.
- Confirm install behavior: the registry metadata contains no install spec, yet SKILL.md requests installing node/clawhub. Ask whether the skill will auto-install anything and where those binaries will be placed.
- Credential handling: the skill will need CRM/Slack/etc. credentials to integrate. Require least-privilege service accounts or API tokens scoped to a sandbox, never hand over full production admin keys. Ask how credentials are stored and whether they are transmitted off your environment.
- Sandbox first: run any install and integration steps in an isolated environment (disposable VM, container, or staging account) to observe what the package does.
- Audit and logging: request a clear list of network endpoints the skill contacts and any telemetry. If the author cannot provide clear answers or provenance, treat the install as high risk and avoid granting real credentials.
Given the registry vs SKILL.md mismatch and the unknown npm package, treat this as suspicious until the provider supplies source links and a clear install/credential model.
Like a lobster shell, security has layers — review code before you run it.
latestvk97c2z90py5sfbdntkcfnzftzx84dcxg
