v1.0.0

Salesforce SDR Admin (Browser)

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:30 AM.

Analysis

This instruction-only skill is coherent but should be reviewed because it can use saved Salesforce credentials to perform broad business-record, admin, and code changes.

Guidance: Install only if you want an agent to operate Salesforce in your browser. Use a least-privilege or sandbox Salesforce account when possible, keep credentials local and protected, attach only the intended Salesforce tab, require a clear dry-run summary before every write, and avoid production changes unless you have reviewed the exact impact and rollback plan.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High. Confidence: High. Status: Concern.
SKILL.md
Use when ... manage leads/opportunities/cases/quotes, perform setup or configuration tasks, or make Apex/LWC/Aura changes ... Always confirm before any write action (create/update/delete, setup changes, deployments).

The skill is intended to perform high-impact Salesforce writes, setup changes, deployments, and code edits through the browser. Confirmation is required, but the authority is broad and the artifacts do not specify rollback, least-privilege, or sandbox containment.

User impact: A mistaken or overbroad confirmed action could change or delete sales/support data, alter Salesforce configuration, publish Experience Cloud changes, or modify org code.

Recommendation: Use only with tightly scoped tasks. Require the exact org/environment, records, fields, and proposed diff before approval; prefer sandbox or least-privilege accounts; and define backup or rollback steps before production writes or deployments.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High. Confidence: High. Status: Concern.
references/credentials.md
Allowed Sources ... Environment variables ... Local credential file ... Browser autofill ... `SF_USERNAME`, `SF_PASSWORD`, `SF_SECURITY_TOKEN` ... Path: `~/.openclaw/credentials/salesforce.json`

The skill tells the agent to use stored Salesforce usernames, passwords, security tokens, or saved browser credentials. This is expected for Salesforce automation, but it is sensitive account access and is not reflected in the registry credential declarations.

User impact: The agent can log in as the configured Salesforce user; if that user is an admin, the agent can exercise broad business, setup, and development privileges.

Recommendation: Declare the credential requirement clearly, use a dedicated least-privilege or sandbox Salesforce user where possible, restrict local credential-file permissions, avoid plaintext password storage if possible, and verify the active org and user before allowing writes.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low. Confidence: High. Status: Note.
SKILL.md
Ensure browser control is attached (OpenClaw gateway running, Chrome relay attached to the active tab). ... Use the OpenClaw browser tool on the host profile.

Browser relay/gateway access is central to this browser-based skill, but it means Salesforce page data and the host browser profile are exposed to the browser-control channel.

User impact: The agent may view and act on the attached Salesforce tab using the host browser profile, so unrelated sensitive tabs or profiles could increase exposure.

Recommendation: Attach only the intended Salesforce tab, use a dedicated browser profile for this work, and close unrelated sensitive pages before granting browser control.