Salesforce
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: salesforce-dx
Version: 1.0.0

The skill bundle is benign. All files, including the `SKILL.md` instructions, are clearly aligned with the stated purpose of interacting with Salesforce via the `sf` CLI for data querying and pipeline management. The `SKILL.md` provides extensive, legitimate examples of `sf` CLI commands, along with standard shell utilities like `grep`, `jq`, and `date` for output processing and file operations (e.g., `> opps.csv`, `-d ./export`). The `scripts/schema-export.sh` is a utility script to generate schema documentation, which is a benign activity. There is no evidence of prompt injection attempts, data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, or obfuscation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

If run against a real org, the agent could create or change Salesforce opportunities/accounts and affect sales reporting or business workflows.
The skill documents direct Salesforce record updates, bulk upserts, and imports. These are purpose-aligned, but they are high-impact CRM mutations, and the instructions shown add no explicit approval or containment safeguards.
sf data update record -s Opportunity -i 006xx000001234 -v "StageName='Negotiation'"
sf data upsert bulk -s Opportunity -f updates.csv -i Id --wait 10
sf data import tree -f ./export/Account.json
Require explicit user confirmation for every create, update, upsert, or import; use --target-org on write commands; prefer sandbox or least-privilege credentials; back up data before bulk changes.

The agent may act with your Salesforce permissions and could operate against the wrong default org, including production.
The skill relies on local Salesforce CLI authentication and sets a default org. Subsequent commands may use that active identity and its privileges, while the registry metadata declares no primary credential.
sf org login web --alias my-org --set-default
Declare the Salesforce credential/config requirement, avoid relying on an implicit default org for sensitive commands, and use explicit org aliases with least-privilege Salesforce access.

Salesforce customer, deal, or pipeline data may remain in local files after the task is complete.
The skill supports exporting CRM data to local files. This is disclosed and purpose-aligned, but those files can persist in the workspace and be reused or exposed later.
sf data query -q "SELECT Id, Name, Amount FROM Opportunity" --result-format csv > opps.csv
sf data export tree ... -d ./export
Export only necessary fields and rows, store outputs in approved locations, avoid committing them to shared repositories, and delete sensitive exports when no longer needed.

Users may not realize the skill depends on a local Salesforce CLI setup and existing authenticated org state.
The registry contract does not declare the sf CLI, the jq helper, or the Salesforce authentication dependency that the artifacts expect. This is an install/disclosure gap rather than hidden code.
Required binaries (all must exist): none; Required env vars: none; Primary credential: none
Update metadata to declare required tools, authentication/config expectations, and ideally a source or homepage for provenance.

Running the helper will contact Salesforce through the CLI and write a file in the current working directory.
The helper script runs local sf and jq commands and writes a schema markdown file. This is aligned with schema export and shows no hidden endpoint, but it is still local command execution.
sf sobject describe --sobject "$OBJECT" $ORG_FLAG --json 2>/dev/null | jq -r ... >> "$OUTPUT_FILE"
Inspect the script before use, run it only with the intended object and org alias, and execute it from a safe working directory.
