Twenty CRM
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its CRM purpose, but it gives broad API-key-backed access that can create, modify, or delete CRM records without declared credential requirements or clear safety limits.
Review this skill before installing. Only use it with a least-privilege Twenty API key, fix or verify the config file path, and require explicit approval before any create, update, delete, destroy, or GraphQL mutation against your CRM data.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill with a valid token could delete or permanently destroy CRM records if it selects the wrong path or acts on a mistaken request.
The helper accepts an arbitrary REST path and can call a destructive delete/destroy endpoint. This is relevant to CRM administration, but the artifacts do not add confirmation, scope limits, or safety checks before destructive account-data changes.
PATH_PART="${1:-}"
MODE="${2:-}"
...
if [ "$MODE" = "destroy" ]; then
URL="$URL/destroy"
fi
curl -sS -X DELETE "$URL"
Use a least-privilege Twenty API key, require explicit human approval before POST/PATCH/DELETE or GraphQL mutations, and prefer narrower task-specific wrappers for common safe actions.
Users may install the skill without realizing it needs an API key that can access and mutate their CRM workspace.
The registry metadata says no credential or environment variables are required, but SKILL.md and the scripts require TWENTY_BASE_URL and TWENTY_API_KEY as a bearer token. That under-declares the account authority this skill needs.
Required env vars: none
Env var declarations: none
Primary credential: none
Declare TWENTY_API_KEY and TWENTY_BASE_URL in metadata, document the minimum required token scope, and advise users to create a limited API key for this skill.
The skill may fail to find the intended config file, or may use an unexpected file location for the CRM token.
The script uses a hardcoded absolute path that differs from the SKILL.md instruction to create config/twenty.env. This looks like a packaging/provenance or portability gap rather than malicious behavior.
CONFIG_FILE="/Users/jhumanj/clawd/config/twenty.env"
Change the config path to a documented, user-relative or skill-relative location and include the referenced example config file.
If an attacker or untrusted process modifies the config file, running any helper script could execute unintended shell commands.
The config file is sourced as shell code. This is common for shell-based env files, but it means the config file must be trusted and protected.
source "$CONFIG_FILE"
Keep the config file owned by the user with restrictive permissions and use simple KEY=value entries only.
