v1.0.0

Twenty CRM

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 4:52 AM.

Analysis

This skill is purpose-aligned for Twenty CRM, but it needs review because it can use a bearer token to create, edit, and delete CRM records without built-in safeguards.

Guidance: Install only if you want the agent to access your Twenty CRM. Use a least-privileged API key, verify the base URL and config path, and require explicit approval before any create, update, delete, destroy, or GraphQL mutation operation.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High. Confidence: High. Status: Concern.
scripts/twenty-rest-delete.sh
# If second arg is "destroy", calls the /destroy endpoint. ... curl -sS -X DELETE "$URL" \

The script directly deletes CRM objects, including a destroy mode, using the configured bearer token and without a built-in confirmation, scope check, or recovery guidance.

User impact: An agent with this skill and token could delete or permanently destroy important CRM records if it chooses or is instructed to run the helper.
Recommendation: Require explicit human approval for POST/PATCH/DELETE/destroy and GraphQL mutations, and prefer narrowly scoped wrapper commands over raw low-level API helpers.
Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: High. Status: Note.
scripts/twenty-config.sh
# Expected file: /Users/jhumanj/clawd/config/twenty.env
CONFIG_FILE="/Users/jhumanj/clawd/config/twenty.env"

The script uses a fixed, user-specific absolute config path, while SKILL.md tells users to create `config/twenty.env`; the referenced example file is also not in the manifest.

User impact: The skill may fail to find the intended config file or may read credentials from an unexpected local path.
Recommendation: Update the scripts and documentation to use a clear relative or declared config path, and include the referenced example file.
Unexpected Code Execution
Severity: Low. Confidence: High. Status: Note.
scripts/twenty-config.sh
if [ -f "$CONFIG_FILE" ]; then
  source "$CONFIG_FILE"
fi

The config file is sourced as shell code to load variables; this is common practice for shell scripts, but it means any command placed in that file is executed, not merely parsed as a key/value assignment.

User impact: A malformed or untrusted config file could run local shell commands whenever any helper is invoked.
Recommendation: Keep the config file limited to simple `TWENTY_BASE_URL` and `TWENTY_API_KEY` assignments and protect it from untrusted edits.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
- `TWENTY_API_KEY` (Bearer token)

Scripts load this file automatically.

The skill requires a CRM bearer token even though the registry metadata declares no primary credential or required environment variables; that token is then used by broad REST/GraphQL helpers.

User impact: Users may underestimate that installing and configuring the skill gives the agent authenticated access to read and change CRM data.
Recommendation: Declare the credential requirement clearly, use a least-privileged Twenty API key, and avoid tokens with delete/admin powers unless those actions are intentionally needed.