raai-price-probe-dogovornaya-20260421
Advisory. Audited by VirusTotal on Apr 21, 2026.
Overview
Type: OpenClaw Skill
Name: raai-price-probe-dogovornaya-20260421
Version: 0.0.1
The bundle is a comprehensive AI-driven customer support system (AI-Support PRO) designed for the OpenClaw platform. It contains detailed prompt instructions (SKILL.md) for ticket categorization, SLA tracking, sentiment analysis, and CRM integration, alongside standard utility scripts (install.sh, build.sh) for deployment and verification. No evidence of malicious intent, data exfiltration, or harmful prompt injection was found; all components are logically aligned with the stated purpose of automating support operations and managing customer service workflows.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A misclassification or bad prompt could create or change CRM records, approve small refunds, or route customer issues incorrectly.
The configuration enables automatic refund approval thresholds and CRM ticket/card mutation. These are high-impact business actions, but the artifacts do not show clear approval, rollback, or scoping controls.
returns:
  ...
  auto_approve_return_under_rub: 1000
...
crm:
  ...
  api_key: ""
  auto_create_ticket: true
  auto_update_client_card: true
Use dry-run mode by default, require human confirmation for refunds, CRM writes, ticket closure, and customer-facing messages, and use audit logs plus least-privilege CRM accounts.
Installing users may provide broad account credentials without realizing how much authority the skill can exercise in external systems.
The skill asks for sensitive provider, bot, CRM, and Sheets credentials, while the registry section declares no required env vars or primary credential. The artifacts do not define required scopes or safe credential handling.
requires:
  env:
    - ANTHROPIC_API_KEY
    - OPENAI_API_KEY
optional:
  env:
    - TELEGRAM_BOT_TOKEN
    - BITRIX24_WEBHOOK_URL
    - AMOCRM_API_KEY
    - GOOGLE_SHEETS_CREDENTIALS_JSON
Declare all credentials in registry metadata, document exact scopes, prefer read-only or narrowly scoped tokens, and never place production master keys in shared config files.
Customer PII and CRM history could be sent to external services or exposed in reports/chats without clear controls.
The skill is expected to process customer identifiers, contact details, LTV, ticket history, and support notes. The artifacts also reference LLM, Telegram, CRM, and Sheets integrations, but do not define data minimization, retention, or sharing boundaries.
CUSTOMER CARD #CRM-2291 ... Telegram: @svetlana_i | Email: s.ivanova@mail.ru ... LTV: 124 000 RUB ... History
Document what customer data is sent where, redact unnecessary PII, define retention rules, and require explicit approval before sending customer records to third-party tools.
Running shell scripts can modify the local environment, so users should not treat this as purely instruction-only.
The README instructs users to run local shell scripts even though the install specification says this is an instruction-only skill. This is user-directed setup, not proof of malicious behavior, but it is a metadata/install mismatch.
# 1. Install
bash install.sh
...
# 3. Verify the installation
bash test/smoke-test.sh
Inspect install.sh and test/smoke-test.sh before running them, and the publisher should add an explicit install spec or document exactly what the scripts do.
A user may believe the skill is self-contained when it actually depends on external providers and sensitive credentials for full operation.
The claim that the skill has no external paid dependencies conflicts with other artifact text that requires Anthropic/OpenAI keys and optionally uses Telegram, Bitrix24, amoCRM, and Google Sheets credentials. Users could underestimate the external-service dependency and data exposure.
No external paid dependencies ... Ours is autonomous
Correct the marketing and README language to clearly disclose all external services, credentials, costs, and data flows.
