bigin-crm-skill
v1.0.1Manage pipelines, contacts, companies, tasks, and activities in Bigin CRM using OAuth2-authenticated API for small business sales automation.
⭐ 0· 298·0 current·0 all-time
byShreyas Rao@lindy-dev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the implementation: the repo contains a Bigin API client, modules for pipelines/contacts/companies/tasks/events/calls, an OAuth2 auth flow, example configs, and tests. The requested capabilities (create/update/search pipelines, contacts, etc.) align with the code and README.
Instruction Scope
SKILL.md instructs typical CLI flows and OAuth browser-based auth (starts a local HTTP listener on port 8888). Most instructions map to scripts in the package. Minor inconsistencies: SKILL.md shows a shorthand 'bigin' CLI (bigin auth --client-id ...) while README and provided scripts use python scripts/*.py (e.g., python scripts/auth.py auth). SKILL.md mentions AI features that reference reading 'last 3 emails' / integrating with a Zoho Email Skill — the Bigin code itself does not access email content; that integration would require a separate email skill and permissions. Otherwise instructions remain within CRM scope and do not ask to read unrelated system files.
Install Mechanism
This is effectively an instruction-only skill in registry (no install spec). Code files are bundled with the skill, but there is no remote download/install step or execution of untrusted archives. Dependencies are limited to Python and the requests library (pip), which is proportional for a Python client.
Credentials
The skill does not declare required environment variables in registry, but it expects OAuth client ID and secret to be placed in config/oauth-config.json and stores tokens at ~/.openclaw/credentials/bigin-crm.json. The OAuth scopes requested (ZohoBigin.modules.ALL, ZohoBigin.settings.ALL, ZohoBigin.org.READ) match the CRM actions implemented. There is no unexpected request for unrelated credentials or secret env vars. Users should note that client secret and refresh/access tokens are stored locally and should be protected.
Persistence & Privilege
always:false and no special OS privileges requested. The only persistent footprint is token storage under the user's home (~/.openclaw/credentials/bigin-crm.json) and a config template under config/. The skill runs a local HTTP listener temporarily during OAuth callback on port 8888 (standard OAuth pattern).
Assessment
This skill is internally coherent for managing Bigin CRM via OAuth2. Before installing: 1) Prepare a Zoho/Bigin OAuth client (client_id and client_secret) and verify you are comfortable placing them in config/oauth-config.json; tokens will be stored under ~/.openclaw/credentials/bigin-crm.json with restrictive permissions. 2) The auth flow opens your browser and runs a local server on port 8888 to capture the OAuth callback—ensure that port is available and you trust the network. 3) If you plan to use 'AI' features that reference emails, install and grant permissions to the separate email skill—this Bigin package does not itself read your mailbox. 4) Note the minor documentation mismatch (SKILL.md uses a 'bigin' CLI shorthand while the shipped scripts use python scripts/*.py); follow the README or inspect scripts before running. 5) As with any third-party code, review the config files to ensure they contain no embedded secrets and consider running the code in a sandboxed environment or test account (developer sandbox) first.Like a lobster shell, security has layers — review code before you run it.
latestvk9764zsmkjsr2f5kvm9rjnxk05821c6e
License
MIT-0
Free to use, modify, and redistribute. No attribution required.