ClawHub
Bundle Pluginsource linked

SF Plugin Core Refs Assets Testv0.0.1

Salesforce skill bundle plugin for Codex-compatible hosts and OpenClaw bundle installs.

sf-plugin-core-refs-assets-test·runtime sf-plugin-core-refs-assets-test·by @dsouza-anush
openclaw bundles install clawhub:sf-plugin-core-refs-assets-test
Latest release: v0.0.1Download zip

Capabilities

Bundle format
codex
Tags
bundle-onlyformat:codexhost:codex
Host targets
codex
Runtime ID
sf-plugin-core-refs-assets-test

Compatibility

Built With Open Claw Version
0.1.0
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description and the large set of included Salesforce assets (Apex, LWC, diagrams, templates) are coherent with a Salesforce plugin. However, the runtime docs instruct use of the Salesforce CLI and local helper scripts (e.g., query-org-metadata.py, sf data query --target-org myorg) and examples show private-key/JWT flows. The skill declares no required binaries (e.g., python, sf CLI) and no required environment variables or credentials — a mismatch: generating grounded ERDs or running metadata queries legitimately requires access to an org and tooling, but those credentials/tools are not declared.
!
Instruction Scope
The SKILL.md and reference docs explicitly tell the agent/user to run local scripts and CLI commands (python scripts under scripts/, 'sf' CLI queries, explicit example commands to read org metadata and count records). Those instructions implicitly require access to local files and org credentials. The SKILL.md also contains detected prompt‑injection patterns (e.g. 'ignore-previous-instructions', 'you-are-now'), which could attempt to influence an LLM's behavior. While most instructions are Salesforce-relevant, they grant the agent broad discretion to run local scripts and query sensitive org metadata without declaring the credentials or tooling needed.
Install Mechanism
There is no install spec (instruction-only), which is lower risk because nothing is defined to be downloaded or executed automatically. However the bundle contains hundreds of files and scripts (assets, helpers, and a few shell/Python scripts referenced by the docs). That means a host may unpack these assets to disk for the skill to use; review the included scripts before executing them.
!
Credentials
The package declares no required environment variables or primary credential, yet the documentation and examples show operations that require Salesforce org access (sf CLI commands with --target-org, scripts that query org metadata, JWT/private-key examples). This is disproportionate — the skill will not function as documented without access to credentials and tooling, and the skill gives no guidance about which secrets will be needed or how they are used.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-level privileges in the registry metadata. It does not declare modifications to other skills or system-wide settings. Autonomy (disable-model-invocation:false) is the platform default and is not by itself flagged.
Scan Findings in Context
[prompt-injection:ignore-previous-instructions] unexpected: Detected in SKILL.md content. Such phrases are not expected in benign skill documentation and can be used to try to override the agent's prior instructions or host policy. Even if accidental, treat as a red flag and verify context.
[prompt-injection:you-are-now] unexpected: Detected in SKILL.md content. This pattern can be used to attempt to re-role the model. It is not necessary for a documentation-style skill and should be removed or justified by the author.
What to consider before installing
What to consider before installing: 1) Do not run any included scripts against production orgs or with real credentials until you review them. The docs instruct running Python scripts and 'sf' CLI commands that require Salesforce credentials and possibly private keys, but the skill declares no required credentials — that mismatch is suspicious. 2) Inspect the bundle locally first. Because there's no install step, the host may unpack assets. Open and read any scripts (e.g., query-org-metadata.py, mermaid_preview.py, deploy.sh) and search them for network endpoints, hard-coded URLs, and unexpected outbound requests before executing. 3) Treat detected prompt-injection text seriously. The SKILL.md contains phrases that could try to alter an LLM's behavior; ask the author to remove these or explain why they're present. 4) If you want to try the skill, use an isolated sandbox environment and least-privilege credentials (a throwaway org or a service account with minimal permissions). Prefer manual invocation rather than allowing autonomous agent execution until you're confident. 5) Ask the publisher for clarification: which external tools are required (python, sf CLI, node, etc.), which environment variables or credentials will be used, whether any included scripts make external network calls, and why prompt-injection phrases appear in SKILL.md. 6) If you lack the ability to audit code, consider not installing, or request a signed/verified release or an install spec that declares required tools and secrets and documents safe usage.
!
skills/sf-ai-agentforce-testing/references/multi-turn-testing.md:296
Prompt-injection style instruction pattern detected.
!
skills/sf-ai-agentscript/references/fsm-architecture.md:393
Prompt-injection style instruction pattern detected.
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Verification

Tier
source linked
Scope
artifact only
Summary
Validated package structure and linked the release to source metadata.
Source
github.com/dsouzaAnush/salesforce-plugin
Commit
4dd86807732f
Tag
main
Provenance
No
Scan status
pending

Tags

latest
0.0.1
salesforce
0.0.1
test
0.0.1