Salesforce Skill
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: salesforce-skill
Version: 0.1.0
The OpenClaw AgentSkills skill bundle for Salesforce CRM is classified as benign. All files, including `SKILL.md` and `scripts/salesforce-helper.sh`, consistently demonstrate functionality aligned with managing Salesforce CRM data using the official Salesforce CLI (`sf`) and REST API. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, prompt injection attempts against the agent to subvert its purpose, or obfuscation. The skill appropriately requests and uses `SALESFORCE_ACCESS_TOKEN` and `sf` CLI for its stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run against the wrong org or record list, the agent could delete or modify important CRM data.
The skill documents direct and bulk deletion of Salesforce records. This is within the stated CRM-management purpose, but it is a high-impact action that should be explicitly user-approved.
sf data delete record --sobject Contact --record-id 003XXXXXXXXXXXXXXX --target-org myorg
# Bulk delete via query (careful!)
sf data delete bulk --sobject Lead --file leads-to-delete.csv --target-org myorg
Confirm the Salesforce org, object type, record IDs, and CSV contents before allowing update, delete, bulk import, or bulk delete commands.
The agent may act with the same Salesforce permissions as the authenticated user or token.
The skill needs delegated Salesforce credentials or an access token. This is expected for Salesforce operations, but those credentials may grant broad CRM read/write authority.
Authentication configured via one of:
- `sf org login web` (OAuth browser flow - recommended for interactive)
- `sf org login jwt` (JWT for headless/automated)
- `SALESFORCE_ACCESS_TOKEN` environment variable (direct token)

Use a least-privilege Salesforce account, avoid admin tokens unless necessary, and revoke or rotate tokens if they are no longer needed.
Commands could affect the wrong Salesforce org if the CLI default is not what the user expects.
If SALESFORCE_TARGET_ORG is unset, the helper uses the Salesforce CLI's default org. This is normal CLI behavior but can be ambiguous for users with multiple orgs.
TARGET_ORG="${SALESFORCE_TARGET_ORG:-}"
if [[ -n "$TARGET_ORG" ]]; then
ORG_FLAG="--target-org $TARGET_ORG"
else
ORG_FLAG=""
fi
Set SALESFORCE_TARGET_ORG or pass --target-org explicitly, especially before write, delete, or bulk operations.
Users may not see required setup and credential requirements in the registry before installation.
SKILL.md declares a Salesforce CLI dependency and token environment variable, while the registry metadata supplied for review lists no required binaries, env vars, or install spec. The dependency itself is purpose-aligned, but the registry metadata is incomplete.
metadata: {"moltbot":{"requires":{"bins":["sf"],"env":["SALESFORCE_ACCESS_TOKEN"]},"primaryEnv":"SALESFORCE_ACCESS_TOKEN","install":[{"id":"npm","kind":"node","package":"@salesforce/cli","bins":["sf"]},{"id":"brew","kind":"brew","formula":"salesforce-cli","bins":["sf"]}]}}
Update registry metadata to declare the Salesforce CLI dependency, supported install methods, and any optional or required Salesforce credential environment variables.
