Salesforce Fast integrations
Pass. Audited by VirusTotal on May 8, 2026.
Overview
Type: OpenClaw Skill
Name: salesforce-easy
Version: 1.0.17

The Salesforce CRM skill bundle provides a robust and security-conscious integration for managing Salesforce data. It implements several safety layers: input sanitization in `query.py` and `crud.py` to prevent SOQL injection, an explicit `confirmed` flag required for all destructive or bulk operations, and a restricted allowlist of standard objects (Lead, Contact, Account, etc.) that limits the blast radius of agent actions. The OAuth implementation in `oauth.py` follows best practice by restricting token POSTs to official Salesforce domains, and the bundle can obtain a token from the local Salesforce CLI session so that users need not place long-lived credentials in environment variables. No evidence of malicious intent, data exfiltration, or harmful prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can act in Salesforce with the permissions of the connected user or integration account.
The skill can retrieve and use a Salesforce access token from the local Salesforce CLI-authenticated org. This is purpose-aligned and bounded to Salesforce CLI org access, but it is still sensitive delegated account authority.
access_token = org.get("accessToken", "") ... os.environ["SALESFORCE_ACCESS_TOKEN"] = access_token

Use a dedicated least-privilege Salesforce integration user or org alias, avoid admin tokens, and disconnect or rotate tokens if you stop using the skill. A token written into os.environ is inherited by every child process the agent spawns, so keep that in mind when choosing which org to connect.
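The checks a practitioner would want around the snippet above, as an added example for this review (not code from the salesforce-easy skill). It assumes the JSON shape printed by `sf org display --target-org <alias> --json` (a top-level "status" and a "result" object carrying "accessToken", "instanceUrl" and "username"); the `OrgAuth` type, the host-suffix allowlist and the helper names are this example's own. It validates that the instance URL is an https URL on an official Salesforce host before the token is used anywhere, and returns the token to the caller instead of writing it into os.environ.

```python
"""Load a Salesforce access token from the local Salesforce CLI session.

Added example for this review; not code from the salesforce-easy skill.
Assumes the `sf org display --json` output shape described in the lead-in.
"""
import json
import subprocess
from dataclasses import dataclass
from urllib.parse import urlparse

# Host suffixes a token may be presented to (assumed allowlist). The leading
# dot stops look-alikes such as "notsalesforce.com" from matching.
SALESFORCE_HOST_SUFFIXES = (".salesforce.com", ".force.com")


@dataclass(frozen=True)
class OrgAuth:
    instance_url: str
    access_token: str
    username: str


def is_salesforce_host(url: str) -> bool:
    """True only for https URLs whose host sits under an official Salesforce domain."""
    parts = urlparse(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https" or not host:
        return False
    return any(host.endswith(suffix) for suffix in SALESFORCE_HOST_SUFFIXES)


def parse_org_display(raw_json: str) -> OrgAuth:
    """Validate `sf org display --json` output and extract the credentials."""
    data = json.loads(raw_json)
    if data.get("status") != 0:
        raise RuntimeError(f"sf org display failed: {data.get('message', 'unknown error')}")
    result = data.get("result") or {}
    token = result.get("accessToken", "")
    instance_url = result.get("instanceUrl", "")
    if not token:
        raise RuntimeError("CLI org has no access token; run `sf org login web` first")
    if not is_salesforce_host(instance_url):
        # A tampered CLI config could point the token at an attacker-controlled host.
        raise ValueError(f"refusing to use non-Salesforce instance URL {instance_url!r}")
    return OrgAuth(instance_url.rstrip("/"), token, result.get("username", ""))


def accepts(raw_json: str) -> bool:
    """True if the CLI output passes validation; False on any rejection."""
    try:
        parse_org_display(raw_json)
    except (ValueError, RuntimeError):
        return False
    return True


def load_org_auth(alias: str) -> OrgAuth:
    """Run the CLI for a real org alias (not exercised by the offline sample below)."""
    proc = subprocess.run(
        ["sf", "org", "display", "--target-org", alias, "--json"],
        capture_output=True, text=True, check=False,
    )
    return parse_org_display(proc.stdout)


def redact(token: str) -> str:
    """Log-safe form of a token: short prefix and length only."""
    return f"{token[:4]}...({len(token)} chars)"


# Constructed sample shaped like the CLI's JSON; every value is fake.
SAMPLE_CLI_OUTPUT = json.dumps({
    "status": 0,
    "result": {
        "username": "integration@example.com",
        "instanceUrl": "https://example-dev-ed.develop.my.salesforce.com",
        "accessToken": "00Dxx0000000000!FAKE.TOKEN.FOR.EXAMPLE",
        "alias": "dev",
    },
})

# The same output with the instance URL redirected off-domain; must be rejected.
TAMPERED_CLI_OUTPUT = SAMPLE_CLI_OUTPUT.replace(
    "https://example-dev-ed.develop.my.salesforce.com",
    "https://example-dev-ed.my.salesforce.com.evil.example",
)

if __name__ == "__main__":
    auth = parse_org_display(SAMPLE_CLI_OUTPUT)
    print(auth.username, auth.instance_url, redact(auth.access_token))
    try:
        parse_org_display(TAMPERED_CLI_OUTPUT)
    except ValueError as exc:
        print("rejected:", exc)
```

Keeping the token in an `OrgAuth` value that only the HTTP client sees, rather than in the process environment, means a later `subprocess` call made by the agent cannot leak it through the child's environment.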
Approved actions could create, update, or delete Salesforce Leads, Contacts, Accounts, Opportunities, or Tasks.
The skill includes Salesforce mutation and deletion tools. The code shows confirmation gating and an object allowlist, making this expected for the stated CRM-management purpose, but users should still notice the business-data impact.
def delete_record(object_type: str, record_id: str, confirmed: bool = False) ... "Deleting {object_type} {record_id} requires confirmation. Set confirmed=True to proceed."

Confirm write, delete, and bulk operations explicitly; review record IDs and field changes before approving them.
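How the three controls named in the overview (object allowlist, `confirmed` gating, SOQL input sanitization) fit together, as an added example for this review; it is not the skill's crud.py or query.py. Instead of calling Salesforce, the mutation helpers return the REST request they would send (method and path under /services/data/<version>/sobjects), so the gating can be exercised offline. The API version, the record-ID regex, the `ConfirmationRequired` exception and the field-name check are this example's assumptions, not known details of the skill.

```python
"""Confirmation gating, object allowlist and SOQL escaping for agent-facing CRM tools.

Added example for this review; not code from the salesforce-easy skill.
"""
import re

API_VERSION = "v60.0"  # assumption; use the version your org exposes
ALLOWED_OBJECTS = frozenset({"Lead", "Contact", "Account", "Opportunity", "Task"})
# Salesforce record IDs are 15- or 18-character alphanumeric keys (assumed check).
_RECORD_ID = re.compile(r"^[A-Za-z0-9]{15}(?:[A-Za-z0-9]{3})?$")
_FIELD_NAME = re.compile(r"^[A-Za-z][A-Za-z0-9_]*$")


class ConfirmationRequired(Exception):
    """Raised when a destructive or bulk action is attempted without confirmed=True."""


def validate_object(object_type: str) -> str:
    if object_type not in ALLOWED_OBJECTS:
        raise ValueError(f"{object_type!r} is not an allowed object: {sorted(ALLOWED_OBJECTS)}")
    return object_type


def validate_record_id(record_id: str) -> str:
    if not _RECORD_ID.match(record_id):
        raise ValueError(f"{record_id!r} is not a Salesforce record ID")
    return record_id


def _escape(value: str) -> str:
    # SOQL string literals are single-quoted and use backslash escapes, so a
    # quote or backslash in user input must be escaped before interpolation.
    return (value.replace("\\", "\\\\").replace("'", "\\'")
                 .replace("\n", "\\n").replace("\r", "\\r"))


def soql_literal(value: str) -> str:
    """Quote a value as a SOQL string literal for an equality comparison."""
    return f"'{_escape(value)}'"


def soql_like_prefix(value: str) -> str:
    """Quote a value as a LIKE prefix pattern, neutralising the % and _ wildcards."""
    escaped = _escape(value).replace("%", "\\%").replace("_", "\\_")
    return f"'{escaped}%'"


def build_lookup(object_type: str, field: str, value: str) -> str:
    """SELECT Id FROM <object> WHERE <field> = <value>, with every part validated."""
    validate_object(object_type)
    if not _FIELD_NAME.match(field):
        raise ValueError(f"bad field name {field!r}")
    return f"SELECT Id FROM {object_type} WHERE {field} = {soql_literal(value)}"


def delete_record(object_type: str, record_id: str, confirmed: bool = False):
    """Single delete: always destructive, so always gated on confirmed."""
    validate_object(object_type)
    validate_record_id(record_id)
    if not confirmed:
        raise ConfirmationRequired(
            f"Deleting {object_type} {record_id} requires confirmation. Set confirmed=True to proceed.")
    return ("DELETE", f"/services/data/{API_VERSION}/sobjects/{object_type}/{record_id}")


def update_records(object_type: str, updates: dict[str, dict[str, str]], confirmed: bool = False):
    """updates maps record ID -> field changes; more than one record counts as a bulk write."""
    validate_object(object_type)
    for record_id in updates:
        validate_record_id(record_id)
    if len(updates) > 1 and not confirmed:
        raise ConfirmationRequired(
            f"Updating {len(updates)} {object_type} records requires confirmation. Set confirmed=True to proceed.")
    return [("PATCH", f"/services/data/{API_VERSION}/sobjects/{object_type}/{rid}", fields)
            for rid, fields in updates.items()]


if __name__ == "__main__":
    print(build_lookup("Contact", "LastName", "O'Brien"))
    print(update_records("Lead", {"00Q5g00000AbCdEAAA": {"Status": "Working"}}))
    try:
        delete_record("Contact", "0035g00000AbCdEAAA")
    except ConfirmationRequired as exc:
        print("blocked:", exc)
    print(delete_record("Contact", "0035g00000AbCdEAAA", confirmed=True))
```

The order of checks matters: the allowlist and ID format run before the confirmation gate, so an unconfirmed call against an object outside the allowlist fails on the allowlist rather than prompting the user to confirm something that must never run.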
If approved and later activated in Salesforce, automation could affect future Lead, Contact, or Account records across the org.
The automation module can make persistent org-wide Salesforce configuration changes. The artifact also states that confirmation is required and flows are deployed inactive, so this is a disclosed but important operational risk.
"Deploying Salesforce Flows and Validation Rules is a persistent, org-wide change that will affect all future records."
Test automation in a Salesforce sandbox, review generated flows/rules, and only activate them manually after an admin approves the impact.
Using password-based credentials could give the skill broad access matching that Salesforce user's permissions.
The skill documents an optional username/password/security-token authentication path. This is disclosed and purpose-aligned, but it is more sensitive than scoped OAuth token use.
SALESFORCE_USERNAME=your@email.com SALESFORCE_PASSWORD=<password> SALESFORCE_SECURITY_TOKEN=<security-token>
Prefer OAuth or Salesforce CLI login where possible, and if password credentials are used, store them securely and use a least-privilege account.
