v1.0.1

bigin-crm-skill

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 6:12 AM.

Analysis

This appears to be a legitimate Bigin CRM integration, but it needs review because it uses broad Zoho OAuth access and can bulk modify or delete CRM business records.

Guidance: Review this skill carefully before authenticating it with a real Bigin account. It is purpose-aligned for CRM management, but use a sandbox or least-privilege account first, confirm all bulk or automated actions manually, and protect or revoke the stored OAuth token when needed.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
README.md
python scripts/pipelines.py bulk-update \
  --stage "Negotiation" \
  --new-stage "Closed Won" \
  --criteria "probability-gt-80"

The documented CLI can bulk-change CRM pipeline stages to a final sales outcome. The artifacts do not show confirmation, dry-run, rollback, or other containment for high-impact bulk changes.

User impact: An agent using this skill could change important sales records in bulk, such as marking opportunities as won or lost, which can affect reporting, forecasts, and team workflows.
Recommendation: Require explicit user confirmation for create/update/delete/bulk operations, add dry-run previews for automation, limit bulk criteria, and document rollback or audit steps.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
metadata
Source: unknown
Homepage: none
Install specifications: No install spec — this is an instruction-only skill.

The skill includes runnable Python scripts but lacks a declared source/homepage and install specification, leaving provenance and setup details less clear.

User impact: Users have less external context for verifying who maintains the code and exactly how dependencies should be installed.
Recommendation: Verify the publisher before installing, review the included scripts, and prefer pinned dependency/install metadata in future versions.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
README.md
pip install requests

The dependency installation is documented but unpinned and not represented in the registry requirements or install spec.

User impact: A future install could resolve a different dependency version than the author tested.
Recommendation: Use a pinned requirements file or locked environment when installing dependencies.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
scripts/auth.py
self.scope = "ZohoBigin.modules.ALL,ZohoBigin.settings.ALL,ZohoBigin.org.READ"

The OAuth scope grants broad access to all Bigin modules and settings, which exceeds a narrowly scoped CRM workflow and is not declared in the registry credential metadata.

User impact: Installing and authenticating this skill can give it broad authority over the user's Bigin CRM account, including many records and settings beyond a single task.
Recommendation: Use least-privilege OAuth scopes where possible, declare the OAuth credential requirement in metadata, and authenticate first in a sandbox or low-privilege Bigin account.
Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
scripts/auth.py
self.token_file = self.token_dir / "bigin-crm.json"
...
os.chmod(self.token_file, 0o600)

The skill persistently stores OAuth tokens under the user's home directory. It does apply restrictive file permissions, but the token is still a durable credential for the CRM account.

User impact: A local compromise or accidental disclosure of this file could expose CRM access until the token is revoked.
Recommendation: Protect the local credentials directory, revoke tokens when no longer needed, and prefer a dedicated low-privilege OAuth app/account.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: Medium | Status: Note
SKILL.md
Integration with Zoho Email Skill ... Extract sender info → Create/update contact ... Reply with acknowledgment

The documentation describes a cross-skill email-to-CRM workflow that moves email-derived data into Bigin CRM and can send an email reply, but it does not define data-boundary or approval rules.

User impact: Email sender details and possibly email history could be copied into CRM records or used in outgoing replies if the workflow is invoked.
Recommendation: Use cross-skill email workflows only with explicit approval, verify recipients and extracted data before writing to CRM or sending replies, and avoid processing sensitive emails automatically.