Crm Manager Skill
Advisory. Audited by VirusTotal on Apr 3, 2026.
Overview
Type: OpenClaw Skill
Name: crm-manager-skill
Version: 4.0.0

The CRM Manager skill provides legitimate customer relationship management functionality but contains a path traversal vulnerability across several scripts, including query_customer.py, update_customer.py, and create_customer.py. These scripts use the 'name' parameter to construct file paths (e.g., os.path.join(data_dir, f"{name}.yaml")) without sanitizing for directory traversal sequences like '../'. While no evidence of intentional malice or data exfiltration was found, this flaw could allow an attacker to manipulate or access files outside the intended data directory.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or accidental customer name containing path syntax could write a YAML file outside the intended customer database folder, or similar scripts could modify existing YAML files outside that folder.
The user-controlled customer name is inserted directly into the filesystem path and then opened for writing, with no rejection of absolute paths, '..', or path separators.
parser.add_argument("name", help="客户姓名")
...
file_path = os.path.join(data_dir, f"{name}.yaml")
...
with open(file_path, "w", encoding="utf-8") as f:

Sanitize customer names before using them as filenames, reject absolute paths and path separators, normalize the final path, and enforce that it remains inside data/customers.
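The following is an added illustration, not code from the crm-manager-skill scripts or from the VirusTotal review. It places the unchecked join pattern the advisory quotes next to a hardened resolver that applies the recommended checks in order: reject absolute paths and path separators, reject '.' and '..' and anything outside a character allow-list, then normalize the final path and confirm it still sits directly inside data/customers. The function names, the allow-list pattern and the sample names are assumptions for the example.

```python
import os
import re
from pathlib import Path

# Assumed base folder; the advisory names data/customers as the intended location.
DATA_DIR = Path("data/customers")

# Allow-list for customer names (assumption): Unicode word characters (covers
# CJK names such as 张三), digits, space, underscore and hyphen, 1-64 chars.
# Dots, slashes, backslashes and control characters are excluded by construction.
_ALLOWED_NAME = re.compile(r"[\w \-]{1,64}")


class InvalidCustomerName(ValueError):
    """Raised when a customer name cannot safely be used as a file name."""


def vulnerable_customer_path(data_dir: str, name: str) -> str:
    """The pattern the advisory describes: the name is joined into the path unchecked,
    so a value containing '../' escapes data_dir once the OS normalizes the path."""
    return os.path.join(data_dir, f"{name}.yaml")


def safe_customer_path(name: str, data_dir: Path = DATA_DIR) -> Path:
    """Return the YAML path for a customer, or raise if the name is unsafe."""
    # 1. Reject absolute paths, path separators and NUL outright.
    if os.path.isabs(name) or "/" in name or "\\" in name or "\0" in name:
        raise InvalidCustomerName(f"path syntax not allowed in customer name: {name!r}")

    # 2. Reject the special directory entries and anything outside the allow-list.
    #    fullmatch (not match/$) ensures a trailing newline cannot slip through.
    if name in (".", "..") or _ALLOWED_NAME.fullmatch(name) is None:
        raise InvalidCustomerName(f"customer name contains disallowed characters: {name!r}")

    # 3. Normalize and enforce containment: the resolved file must be a direct child
    #    of the resolved data directory. resolve() works for not-yet-existing paths.
    base = data_dir.resolve()
    candidate = (base / f"{name}.yaml").resolve()
    if candidate.parent != base:
        raise InvalidCustomerName(f"resolved path escapes {base}: {candidate}")
    return candidate


def is_safe_name(name: str, data_dir: Path = DATA_DIR) -> bool:
    """Convenience predicate for validation at argument-parsing time."""
    try:
        safe_customer_path(name, data_dir)
        return True
    except InvalidCustomerName:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate name and a few path-syntax names.
    for sample in ["张三", "Alice Smith", "../../outside", "/tmp/outside", "sub/dir", ".."]:
        print(f"{sample!r:20} unchecked -> {vulnerable_customer_path('data/customers', sample)}")
        print(f"{'':20} hardened  -> {'accepted' if is_safe_name(sample) else 'rejected'}")
```

Applying the check before the file is opened means create_customer.py, update_customer.py and query_customer.py would all refuse the traversal names above while still accepting ordinary Chinese or Latin-script customer names. The containment check in step 3 is the backstop: even if the allow-list is later relaxed, a resolved path whose parent is not the customer folder is never written.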
Anyone with access to the skill files or workspace may be able to read stored customer personal and business information.
The skill persistently stores customer contact details, notes, service records, and monetary amounts in local YAML files.
**Data storage:** `data/customers/{name}.yaml` ... phone: phone number ... email: email address ... wechat_id: WeChat ID ... notes: list of follow-up records ... amount: amount involved

Use it only in a trusted workspace, keep backups, apply normal access controls, and avoid storing regulated or highly sensitive customer data unless the local environment is protected.
The skill may fail until dependencies are installed, and users may need to make ad hoc package-install decisions without pinned versions.
The included scripts rely on non-standard Python packages, while the registry metadata provides no install spec or dependency declarations.
import jieba
import jieba.posseg as pseg
Declare required Python packages and pin versions in an install or requirements file so users can review and reproduce the environment safely.
