Salesforce API Integration

Warn

Audited by ClawScan on May 10, 2026.

Overview

This Salesforce skill is transparent and instruction-only, but it enables broad CRM changes and bulk deletes with a bearer token without clear approval guardrails.

Install only if you are comfortable giving the agent Salesforce API access. Use a least-privilege Salesforce user, test in a sandbox, keep tokens out of files, and require explicit confirmation before any create, update, delete, bulk, or composite write operation.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this skill with a powerful Salesforce token could accidentally make large CRM changes or deletions.

Why it was flagged

The skill documents Salesforce Bulk API delete operations that can affect very large numbers of business records, but the artifacts do not add clear confirmation, dry-run, limit, sandbox, or rollback requirements before such destructive actions.

Skill content

### Delete Job ... "operation": "delete" ... Max 100 million records per 24h

Recommendation

Require explicit user approval for all create, update, delete, Bulk, and Composite write operations; prefer sandbox testing, least-privilege tokens, record previews, backups, and small batch limits.

What this means

Anyone or any agent with this token may be able to access or modify Salesforce data allowed by that user’s permissions.

Why it was flagged

Salesforce credentials and API scopes are expected for this integration, but the `api` and `refresh_token` scopes can provide long-lived, broad delegated access depending on the Salesforce account.

Skill content

Select scopes: `api`, `refresh_token` ... export SF_ACCESS_TOKEN="00D..."

Recommendation

Use a dedicated least-privilege Salesforce integration user, avoid admin tokens, rotate credentials, and prefer safer OAuth flows over password-based setup where possible.

What this means

Salesforce schema details, common queries, and workflow preferences may remain on the device and be reused in later sessions.

Why it was flagged

The skill intentionally persists Salesforce org context, object usage, queries, and behavioral preferences locally; this is disclosed and scoped, but it may contain sensitive business context.

Skill content

Create `~/salesforce-api-integration/memory.md` ... **Learn from behavior** ... **Track objects loosely** ... Update `last` on each use

Recommendation

Do not store tokens, customer secrets, or sensitive record data in the memory file; review or delete `~/salesforce-api-integration/memory.md` when needed.