Back to skill
Skillv1.0.1
VirusTotal security
bigin-crm-skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 4:54 AM
- Hash
- b686444a5ef738f34ca5bd7842a104046bf09b3b6805b701f6b118382380c5b4
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: bigin-crm-skill Version: 1.0.1 The OpenClaw Bigin CRM skill bundle appears benign. The Python scripts (`scripts/*.py`) implement standard Bigin CRM API interactions, including OAuth2 authentication, and manage CRM entities like pipelines, contacts, and companies. OAuth tokens are stored locally with appropriate permissions (`0o600`). File I/O operations (CSV import/export) are for their stated purpose and handle user-provided file paths, which is expected for a CRM skill. All network communications are directed to legitimate Zoho API endpoints. The `SKILL.md` and `README.md` documentation clearly describe the skill's functionality and provide usage examples without any evidence of prompt injection attempts, hidden instructions, or directives to subvert the agent's behavior. The YAML automation workflows define CRM-specific actions and use templating for data substitution, not arbitrary code execution. There is no evidence of intentional harmful behavior such as data exfiltration to unauthorized endpoints, backdoors, or malicious execution.
- External report
- View on VirusTotal