Crisp Skill
ReviewAudited by ClawScan on May 1, 2026.
Overview
The skill is a coherent Crisp customer-support integration, but it uses read/write Crisp credentials and can send or change customer conversations, so users should confirm actions carefully.
Install this only if you are comfortable giving the agent access to your Crisp support inbox through a plugin token. Use the narrowest workable Crisp scopes, keep the token in a trusted environment, and manually confirm customer-facing replies and conversation status changes.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and configuring the skill lets the agent read customer support data and perform actions through the configured Crisp token.
The skill requires a Crisp plugin token with read/write access to customer conversations and actions. This is expected for customer support, but it is delegated account authority.
Required scopes when creating the token: - ✅ `website:conversation:sessions` (Read) - ✅ `website:conversation:messages` (Read/Write) - ✅ `website:conversation:actions` (Read/Write)
Use the least-privileged Crisp token that supports the needed workflows, store the token only in a trusted environment, and update registry metadata to declare the required credential variables.
If invoked incorrectly, the agent could send an unintended support reply or mark/resolve a conversation prematurely.
The documented workflows include customer-visible sending and conversation state changes. These are purpose-aligned, but mistakes can affect customers and support operations.
scripts/crisp.py message send <session_id> "Your reply text here" ... scripts/crisp.py conversation read <session_id> ... scripts/crisp.py conversation resolve <session_id>
Keep the documented confirmation step before sending replies, and require explicit user approval before status-changing actions such as marking read or resolving conversations.
Users may install whatever current version of the dependency their package index provides.
The setup uses a manual, unpinned package install. This is a normal dependency for a Python API client, but pinning would improve reproducibility and supply-chain clarity.
pip3 install requests
Install in a virtual environment and consider pinning a known-good requests version or documenting a lockfile-based setup.