ClawHub

Salesforce API Integration

v1.0.1

Complete Salesforce REST API for SOQL queries, CRUD operations, Bulk API, Composite API, authentication, and standard objects with error handling.

0· 429·4 current·4 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim full Salesforce REST/Bulk/Composite coverage and the skill only requires SF_ACCESS_TOKEN and SF_INSTANCE_URL plus a local config path; those credentials and the config directory are proportionate to interacting with a Salesforce org and saving user preferences.
Instruction Scope
All runtime instructions are curl/code examples targeting Salesforce domains and describe OAuth flows, SOQL, CRUD, Bulk and Composite APIs. The skill explicitly limits network calls to Salesforce endpoints. It does write and read a local preferences/memory file (~/salesforce-api-integration/memory.md) which can store org context and queries — the docs say tokens should not be stored there, but the memory can contain sensitive org metadata or saved queries, so users should review its contents.
Install Mechanism
No install spec or third-party downloads; this is purely documentation/instruction files (lowest install risk).
Credentials
Only SF_ACCESS_TOKEN (primary) and SF_INSTANCE_URL are required, which directly map to API calls described. The setup docs show how to obtain tokens using client credentials, username/password, or refresh tokens — those additional secrets are not required by the skill itself but would be provided by the user if they choose that flow.
Persistence & Privilege
always:false and no attempt to modify other skills or system-wide settings. The skill stores preferences in its own declared config path; that is expected and proportionate. Autonomous invocation is enabled by default but not combined with any broad/hidden privileges.
Assessment
This skill is a coherent Salesforce API guide. Before installing: (1) only provide SF_ACCESS_TOKEN and SF_INSTANCE_URL — avoid exporting long-lived client secrets or passwords as env vars unless you understand the OAuth flow you’re using; (2) review ~/salesforce-api-integration/memory.md after first use — it may store org context or saved queries (but should not store tokens); (3) prefer using the interactive (web server) or refresh-token flows over username/password flows, which require sharing more sensitive credentials; (4) ensure the access token you provide has only the scopes needed for intended operations and rotate it if you suspect exposure. If you need the skill to never persist any org metadata, do not create the memory file or check its contents before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk970qnmnk3vfs419v36cjbcn4x81rrzq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

☁️ Clawdis
OSLinux · macOS · Windows
EnvSF_ACCESS_TOKEN, SF_INSTANCE_URL
Config~/salesforce-api-integration/
Primary envSF_ACCESS_TOKEN

Comments