ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cleanup Deals

v1.0.0

Standardize deal pipelines, remove test deals, and address deals with missing amounts or close dates. Coordinates with Salesforce sync if applicable.

0· 108·0 current·0 all-time
by@tomgranot

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tomgranot/cleanup-deals.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Cleanup Deals" (tomgranot/cleanup-deals) from ClawHub.
Skill page: https://clawhub.ai/tomgranot/cleanup-deals
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install cleanup-deals

ClawHub CLI

Package manager switcher

npx clawhub@latest install cleanup-deals
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The SKILL.md clearly targets HubSpot deal cleanup (searching, deleting test deals, closing stale deals) and also notes Salesforce-synced deals — that purpose aligns with the operations described. However, the registry metadata declares no required environment variables or primary credential while the instructions explicitly expect a HUBSPOT_API_TOKEN (in .env). This mismatch is unexpected and should be corrected.
!
Instruction Scope
The runtime instructions instruct the agent to read a HUBSPOT_API_TOKEN (via os.getenv) and use the HubSpot API to search, delete, and modify deals. They include concrete deletion criteria (name contains 'test', amount = 0 with no contacts) and guidance to set deals to 'Closed Lost'. These are destructive operations and the SKILL.md does not mandate confirmation, dry-run/testing, or explicit safeguards beyond 'review with owner' for some steps. The instructions also reference Salesforce sync behavior (hs_salesforceopportunityid) — appropriate contextually, but again no guidance on how to safely detect and avoid modifying synced records beyond a note to coordinate with Salesforce admin.
Install Mechanism
This is an instruction-only skill with no install spec or code files, which reduces installation risk. The SKILL.md asks for Python with 'hubspot-api-client' but oddly states 'installed via `uv`' (likely a typo). That ambiguity could confuse implementers and lead to incorrect installation commands.
!
Credentials
The skill effectively requires a HubSpot API token (HUBSPOT_API_TOKEN) to operate, yet the registry lists no required env vars or primary credential. Requesting a single HubSpot token is proportionate to the stated purpose, but the omission in metadata is misleading. The SKILL.md also refers to Salesforce-synced deals but does not require any Salesforce credentials (which is reasonable if the skill only needs to avoid modifying synced records), though that should be made explicit.
Persistence & Privilege
The skill does not request persistent or elevated platform presence (always:false), which is appropriate. However, since model-invocation is enabled by default, an agent with access to the HubSpot token could autonomously perform deletions or closures if run without safeguards. The combination of autonomous invocation and destructive instructions increases operational risk even though it is not a metadata privilege escalation.
What to consider before installing
This skill’s instructions are coherent with a HubSpot deal-cleanup task, but the package metadata omits the HubSpot credential it requires and the SKILL.md contains ambiguous text (e.g., 'uv' install). Before installing or running it: 1) Treat the HUBSPOT_API_TOKEN as sensitive and only provide a token with the minimum scopes needed; consider using a read-only token for audits and a separate limited token for deletes/updates. 2) Require a dry-run mode or test in a sandbox account first; do not run destructive steps against production without explicit human confirmation. 3) Coordinate with Salesforce admins when synced records exist, and implement explicit checks to skip hs_salesforceopportunityid-bearing records. 4) Update the skill metadata to declare required env vars (HUBSPOT_API_TOKEN) and fix the install guidance (clarify how to install hubspot-api-client). 5) Add explicit safety controls in the workflow: confirmation prompts, logging, and an audit report before performing bulk deletes or status changes.

Like a lobster shell, security has layers — review code before you run it.

latestvk9708kqsgwdha6s9w001stef2983mzkr
108downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@tomgranot
latest
Download

Cleanup Deals

Standardize deal data to make pipeline reporting accurate. Test deals, missing amounts, and stale opportunities distort forecasts and pipeline metrics.

Prerequisites

  • HubSpot API token in .env
  • Python with hubspot-api-client installed via uv
  • Knowledge of which deal pipelines are active and which are synced from Salesforce

Important: Salesforce Sync Considerations

If deals are synced from Salesforce:

  • Do NOT delete or modify synced deals without coordinating with the Salesforce admin.
  • Changes in HubSpot may sync back to Salesforce and cause data loss.
  • Identify synced deals by checking for the hs_salesforceopportunityid property.

Step-by-Step Instructions

Stage 1: Before — Audit Deal Data

Pull deal metrics via the API:

from hubspot import HubSpot
from hubspot.crm.deals import PublicObjectSearchRequest

api_client = HubSpot(access_token=os.getenv("HUBSPOT_API_TOKEN"))

# Deals missing amount
no_amount = PublicObjectSearchRequest(
    filter_groups=[{
        "filters": [{
            "propertyName": "amount",
            "operator": "NOT_HAS_PROPERTY"
        }]
    }]
)

# Deals missing close date
no_close = PublicObjectSearchRequest(
    filter_groups=[{
        "filters": [{
            "propertyName": "closedate",
            "operator": "NOT_HAS_PROPERTY"
        }]
    }]
)

Record: total deals, deals per pipeline stage, deals missing amount, deals missing close date, stale deals (open with no activity in 60+ days).

Stage 2: Execute — Clean Up

  1. Delete test deals — search for deals with names containing "test", "demo", "sample", or with amount = $0 and no associated contacts.
  2. Address missing amounts — export deals without amount and work with sales to fill in values or mark as lost.
  3. Close stale deals — deals open with no activity in 90+ days should be reviewed with the deal owner. Set to "Closed Lost" if abandoned.
  4. Standardize pipeline stages — ensure all pipelines have consistent stage names and probability percentages.
  5. Remove unused pipelines — if a pipeline has zero active deals and is not in use, archive or delete it.

Stage 3: After — Verify

  1. Re-run the deal audit queries. Confirm:
    • Test deals removed
    • Missing amount count decreased
    • Stale deal count decreased
  2. Check pipeline reports for accuracy.

Stage 4: Rollback

  • Deleted deals can be restored from HubSpot's recycling bin within 90 days.
  • Stage changes and property updates can be reverted manually but there is no bulk undo.
  • For Salesforce-synced deals, check the Salesforce recycle bin as well.

Tips

  • Establish a deal hygiene rule: deals without activity for 60 days get an automated reminder to the owner (build a simple workflow).
  • Require amount and closedate as mandatory deal properties to prevent future gaps.

Comments

Loading comments...