raai-price-probe-dogovornaya-20260421
Suspicious. Audited by ClawScan on May 10, 2026.
Overview
This looks like a customer-support automation package, but it asks for sensitive service credentials and describes automatic CRM, refund, and customer-response actions without clear approval or scope limits.
Review carefully before installing. Do not connect production CRM, Telegram, Sheets, or refund-capable accounts until the publisher documents credential scopes, data flows, approval gates, and rollback/audit controls. Run it first in a test workspace with fake tickets and least-privilege tokens.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A misclassification or bad prompt could create or change CRM records, approve small refunds, or route customer issues incorrectly.
The configuration enables automatic refund approval thresholds and CRM ticket/card mutation. These are high-impact business actions, but the artifacts do not show clear approval, rollback, or scoping controls.
returns:
  ...
  auto_approve_return_under_rub: 1000
...
crm:
  ...
  api_key: ""
  auto_create_ticket: true
  auto_update_client_card: true
Use dry-run mode by default, require human confirmation for refunds, CRM writes, ticket closure, and customer-facing messages, and use audit logs plus least-privilege CRM accounts.
Installing users may provide broad account credentials without realizing how much authority the skill can exercise in external systems.
The skill asks for sensitive provider, bot, CRM, and Sheets credentials, while the registry section declares no required env vars or primary credential. The artifacts do not define required scopes or safe credential handling.
requires:
  env:
    - ANTHROPIC_API_KEY
    - OPENAI_API_KEY
optional:
  env:
    - TELEGRAM_BOT_TOKEN
    - BITRIX24_WEBHOOK_URL
    - AMOCRM_API_KEY
    - GOOGLE_SHEETS_CREDENTIALS_JSON
Declare all credentials in registry metadata, document exact scopes, prefer read-only or narrowly scoped tokens, and never place production master keys in shared config files.
Customer PII and CRM history could be sent to external services or exposed in reports/chats without clear controls.
The skill is expected to process customer identifiers, contact details, LTV, ticket history, and support notes. The artifacts also reference LLM, Telegram, CRM, and Sheets integrations, but do not define data minimization, retention, or sharing boundaries.
CUSTOMER CARD #CRM-2291 ... Telegram: @svetlana_i | Email: s.ivanova@mail.ru ... LTV: 124 000 RUB ... History
Document what customer data is sent where, redact unnecessary PII, define retention rules, and require explicit approval before sending customer records to third-party tools.
Running shell scripts can modify the local environment, so users should not treat this as purely instruction-only.
The README instructs users to run local shell scripts even though the install specification says this is an instruction-only skill. This is user-directed setup, not proof of malicious behavior, but it is a metadata/install mismatch.
# 1. Install
bash install.sh
...
# 3. Verify the installation
bash test/smoke-test.sh
Inspect install.sh and test/smoke-test.sh before running them, and the publisher should add an explicit install spec or document exactly what the scripts do.
A user may believe the skill is self-contained when it actually depends on external providers and sensitive credentials for full operation.
This claim conflicts with other artifact text that requires Anthropic/OpenAI keys and optionally uses Telegram, Bitrix24, amoCRM, and Google Sheets credentials. Users could underestimate external-service dependency and data exposure.
No external paid dependencies ... Ours is autonomous
Correct the marketing and README language to clearly disclose all external services, credentials, costs, and data flows.
