ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CRM

v1.0.0

Guide users building a personal CRM from simple files to structured database.

2· 2.2k·11 current·12 all-time
byIván@ivangdavila
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name and description (personal CRM from files → structured DB) align with its contents: it focuses on file-based schemas, when to add interaction/company/deals files, and when to migrate to SQLite. There are no unrelated required env vars, binaries, or installs.
Instruction Scope
SKILL.md instructs the agent to create a ~/crm/ folder, propose helper scripts, and offer to write migration scripts. Those actions are coherent with the purpose but mean the agent may create and modify files and generate code to run locally — the user should review any generated scripts before executing them. The instructions do not request access to unrelated system paths or external endpoints.
Install Mechanism
No install spec and no code files — instruction-only. This is low risk: nothing will be downloaded or written by an installer. Any file writes would come from agent-suggested commands or generated scripts at runtime.
Credentials
The skill requires no environment variables, credentials, or config paths. That is proportional for a local, single-user CRM workflow described in the doc.
Persistence & Privilege
always is false and the skill does not request persistent elevated privileges or modification of other skills or system-wide settings. Its recommended actions are limited to the user's home directory (~/crm) and optional helper scripts.
Assessment
This skill appears coherent and low-risk, but keep these precautions: 1) Review any commands or scripts the agent generates (especially migration scripts) before running them — they may modify or overwrite your files. 2) Back up ~/crm/ (or follow the skill's own backup advice) before bulk edits or migrations. 3) If the skill suggests cloud sync, consider the privacy implications of storing contacts in third-party services. 4) If you’re uncomfortable with automatic file writes, ask the agent to provide scripts/commands for manual review and execution instead of running them directly.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bpwj4db7n23n8ajyz4wfy8980xasn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🤝 Clawdis
OSLinux · macOS · Windows

Comments