Fxiaoke Sales Record Publish

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The listing advertises a cookie-based Fxiaoke CRM publisher, but the provided files are a simulated space-login demo, so the skill is materially inconsistent and its account/session authority is unclear.

Treat this skill as needing review before installation. Do not provide CRM sessions, cookies, or account access unless the publisher supplies matching CRM code and documentation that clearly states what data is read, what records can be published, and what user approval is required.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI09: Human-Agent Trust Exploitation
Severity: Medium

What this means

A user expecting CRM automation could install or invoke a package whose files do not match the advertised purpose, and the 100% success claim is not supported by the artifacts.

Why it was flagged

The registry presents this as a CRM publishing tool that uses saved cookies and guarantees success, but the supplied SKILL.md/README/code are a simulated 'space-login' demo. This mismatch can mislead users and agents about what the skill actually does.

Skill content

Name: Fxiaoke Sales Record Publish; Description: Automatically detects login and uses saved cookies, intelligently fills in the required fields of a sales record, and publishes Fxiaoke (纷享销客) CRM sales records with one click, guaranteeing a 100% success rate.

Recommendation

Do not rely on this listing until the publisher aligns the name, description, documentation, and code, and removes or substantiates unrealistic success claims.

ASI03: Identity and Privilege Abuse
Severity: Medium

What this means

If the advertised behavior were implemented, it could act inside the user's CRM account using existing sessions without a clearly declared permission boundary.

Why it was flagged

Saved cookies are session credentials, and publishing CRM sales records is delegated account authority. The artifact contract declares no credential or config requirements and provides no scoping for what cookies would be used or what records could be posted.

Skill content

Description: Automatically detects login and uses saved cookies...publishes Fxiaoke (纷享销客) CRM sales records with one click...; Required env vars: none; Primary credential: none; Required config paths: none

Recommendation

Require clear documentation of cookie source, account scope, approval before posting, audit output, and revocation/cleanup before using this for any real CRM account.

ASI04: Agentic Supply Chain Vulnerabilities
Severity: Low

What this means

Users have limited information for verifying who produced the skill or why the package contents differ from the listing.

Why it was flagged

No remote installer or dependency risk is shown, but provenance is sparse, and that matters more because the advertised listing and packaged files do not align.

Skill content

Source: unknown; Homepage: none; Install specifications: No install spec — this is an instruction-only skill.

Recommendation

Prefer a version with a known source repository, matching documentation, and a reproducible package before installation.