Salesforce Commerce
Pass
Audited by ClawScan on May 13, 2026.
Overview
This appears to be a Salesforce Commerce development guidance skill with purpose-aligned documentation fetching and safety-check scripts, with no artifact-backed evidence of hidden credential theft, persistence, or destructive behavior.
This skill looks safe to install as developer guidance. Expect it to encourage web lookups of official Salesforce documentation, and be cautious before allowing any agent-run Salesforce CLI command, especially deploys, org logins, code activations, deletes, or production-targeted actions. Verify separately whether the bundled safety hook scripts are actually enabled in your OpenClaw environment.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may browse external official documentation before helping with Salesforce Commerce code.
The skill directs the agent to use web tools before writing implementation code. This is purpose-aligned for current Salesforce Commerce APIs, but it is still autonomous tool-use guidance the user should understand.
Before writing any Salesforce Commerce implementation code, you MUST web-search and/or web-fetch the relevant official documentation.
Allow this when current documentation is needed, and avoid sending proprietary code or secrets to external pages unless explicitly intended.
If the agent is allowed to run shell commands, Salesforce CLI actions could affect real orgs or storefronts.
The script explicitly handles high-impact Salesforce CLI and API operations. Its behavior is protective, but it shows the skill is meant to operate in contexts where deploy, activation, deletion, or production-impacting commands may arise.
DESTRUCTIVE_PATTERNS = [(r'sfcc-ci\s+code:activate\s+.*(production|prod-|prd-)', "Activate code on production — can break live storefront"), ... (r'sf\s+org\s+delete|sfdx\s+force:org:delete', "Org deletion — permanent data loss")]
Require explicit user confirmation for deploys, activations, deletes, and production-targeted Salesforce commands.
Connecting the agent environment to a Salesforce org can give tools access to org data and deployment permissions depending on the account used.
Salesforce org authentication is expected for Salesforce development workflows, and the artifact warns about it rather than capturing credentials. Users should still treat org login as account delegation.
(r'sf\s+org\s+login', "Org login — will authenticate to a Salesforce org")
Use least-privilege sandbox credentials when possible and confirm which org is targeted before any authenticated command.
Users may not actually receive the protective command and secret-check behavior unless the host separately configures those scripts.
The bundle includes helper scripts, but the provided install information says the skill is instruction-only. This means the safety scripts may be present in the package without being automatically installed or enforced.
No install spec — this is an instruction-only skill.
If relying on the safety hooks, verify in the OpenClaw host configuration that the bundled scripts are registered and active.
