CRM
Pass
Audited by ClawScan on May 1, 2026.
Overview
This instruction-only CRM skill looks benign, but it guides creation of persistent contact files that users should keep private.
This skill is safe to consider for a local personal CRM. Before using it, decide where the `~/crm/` data should live, protect files containing contact details and notes, and be cautious before enabling cloud sync, Git history, migrations, or bulk edits.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Contact details and notes may persist on disk and be reused later as the CRM grows.
The skill guides users to store personal contact details and freeform notes in a persistent local CRM folder. This is expected for the purpose, but it is sensitive personal data that should be protected.
Create `~/crm/` folder as the single source of truth ... id, name, email, company, phone, notes, tags, created, updated
Keep the CRM folder in a private location, avoid storing secrets in notes, and consider local file permissions or encryption for sensitive contact data.
If enabled, CRM records could be copied to a cloud provider or repository and changes could spread beyond the original local folder.
The skill suggests optional cloud or Git syncing only when asked. This is disclosed and purpose-aligned, but syncing can propagate CRM data and mistakes across devices or services.
Sync When Asked - Cloud folder (Dropbox/iCloud/Drive) for multi-device ... Git repo for version history
Only enable sync deliberately, confirm what data will be included, and use backups before migrations or bulk edits.
