SF Plugin Core Assets Test
Security checks across malware telemetry and agentic risk
Overview
Prompt-injection indicators were detected in the submitted artifacts (you-are-now); human review is required before treating this skill as clean.
This appears safe to install as a Salesforce template/documentation bundle, but use care with sub-skills that touch a real Salesforce org. Review generated code and metadata before applying it, prefer sandboxes for testing, and keep OAuth secrets and refresh tokens out of prompts, logs, and shared files. ClawScan detected prompt-injection indicators (you-are-now), so this skill requires review even though the model response was benign.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If copied or executed against a real Salesforce org, these templates could delete records or metadata.
The manifest shows Salesforce cleanup and destructive deployment templates are included. These are consistent with a Salesforce developer/admin bundle, but they could affect real org data or metadata if a user applies them without review.
skills/sf-data/assets/cleanup/delete-test-data.apex ... skills/sf-deploy/assets/destructiveChanges.xml
Inspect any generated Apex/XML before use, test in a sandbox, keep backups, and require explicit confirmation before delete or destructive deployment actions.
Users who substitute real Salesforce secrets or tokens must protect them, because exposure could grant access to their Salesforce org.
The OAuth templates document Salesforce client credentials and bearer-token use. The values are placeholders and the endpoints are Salesforce endpoints, so this is purpose-aligned documentation rather than evidence of credential theft.
client_id=YOUR_CONSUMER_KEY ... client_secret=YOUR_CONSUMER_SECRET
Use least-privilege Salesforce apps/service users, avoid pasting real secrets into shared chats or logs, and store tokens only in secure secret storage.