ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Follow Up Boss

v1.0.0

Command-line tool to manage contacts, tasks, notes, deals, events, and communications via the Follow Up Boss API.

0· 812·2 current·2 all-time
by@danielfoch

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for danielfoch/follow-up-boss.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Follow Up Boss" (danielfoch/follow-up-boss) from ClawHub.
Skill page: https://clawhub.ai/danielfoch/follow-up-boss
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install follow-up-boss

ClawHub CLI

Package manager switcher

npx clawhub@latest install follow-up-boss
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name, description, SKILL.md, and fub.js all align: this is a CLI for the Follow Up Boss API and uses the API to manage people, events, notes, tasks, etc. The requested capability (API access) is coherent with the stated purpose. However, the registry metadata declares no required environment variables or primary credential even though both the instructions and the code require an API key, so there is a metadata/documentation mismatch.
Instruction Scope
SKILL.md instructs the agent/user to set FUB_API_KEY and run node fub.js with standard commands. The runtime instructions remain within the scope of the Follow Up Boss API and do not ask the agent to read unrelated files, system state, or transmit data to third-party endpoints. The code only uses the Follow Up Boss API base URL and optional X-System headers.
Install Mechanism
There is no install spec (instruction-only skill), and the included fub.js is plain JavaScript with no obfuscation or external download steps. This is lower risk: nothing will be pulled from arbitrary URLs at install time.
!
Credentials
The code requires an API credential: FUB_API_KEY (and supports two optional env vars FUB_SYSTEM_KEY and FUB_SYSTEM_NAME). Requesting an API key is proportionate to the task. The concern is that the registry metadata lists no required env vars or primary credential — a discrepancy that could mislead users into installing without realizing a secret must be provided. The SKILL.md documents FUB_API_KEY but does not mention the optional system env vars present in the code.
Persistence & Privilege
The skill is not marked always:true and uses normal, user-invocable behavior. It does not attempt to modify other skills or system-wide settings. No elevated persistence requested.
What to consider before installing
This skill appears to be a straightforward Follow Up Boss CLI, but there are two actionable concerns you should resolve before installing or using it: - Metadata mismatch: The registry entry declares no required environment variables or primary credential, yet SKILL.md and the code require an API key (FUB_API_KEY). Treat the API key as sensitive: do not paste it into public places and prefer injecting it via secure environment mechanisms. - Untrusted source/homepage: The skill lists no homepage or known source. If you plan to use it, review the fub.js file yourself (it is included) and confirm it does only what you expect (calls api.followupboss.com). Consider running it in a restricted environment or container first. Additional notes: - The code also supports FUB_SYSTEM_KEY and FUB_SYSTEM_NAME (not documented in SKILL.md); if you use system integrations, ensure you understand those headers. - Ensure your Node runtime provides global fetch or run with a Node version that supports it, otherwise inspect/modify the script to include a fetch polyfill you trust. - If you proceed, provide the minimum-scoped API key possible, and rotate the key if it is accidentally exposed. If the publisher can update the registry metadata to list FUB_API_KEY as a required credential and provide a homepage/source repository, that would remove the main inconsistency and increase confidence.

Like a lobster shell, security has layers — review code before you run it.

crmvk971frmg2kevr5ss3v96b3metx81461cfollow-up-bossvk971frmg2kevr5ss3v96b3metx81461cfubvk971frmg2kevr5ss3v96b3metx81461clatestvk971frmg2kevr5ss3v96b3metx81461c
812downloads
0stars
1versions
Updated 12h ago
v1.0.0
MIT-0
@danielfoch
crmfollow-up-bossfublatest
Download

Follow Up Boss (CLI)

CLI for interacting with the Follow Up Boss API.

Setup

  1. Get API Key: Follow Up Boss → Admin → API → Create API Key

  2. Set Environment Variable:

export FUB_API_KEY="fka_xxxxxxxxxxxx"

CLI Usage

node fub.js <command> [options]

Commands

CommandDescription
meCurrent user info
people [query]List/search people
person <id>Get person details
people create <json>Create person via /events (triggers automations)
people update <id> <json>Update a person
notes <personId>Get notes for a person
notes create <json>Create a note
tasks [query]List tasks
tasks create <json>Create a task
tasks complete <id>Complete a task
events [query]List events
events create <json>Create event (for lead intake)
pipelinesGet pipelines
deals [query]List deals
deals create <json>Create a deal
textmessages <personId>Get text messages for a person
textmessages create <json>Log a text (NOT sent - recorded only!)
emails <personId>Get emails for a person
emails create <json>Log an email (NOT sent - recorded only!)
calls <personId>Get calls for a person
calls create <json>Log a call
webhooksList webhooks
webhooks create <json>Create webhook
webhooks delete <id>Delete webhook
sourcesGet lead sources
usersGet users/agents
search <query>Global search

Examples

# List people
node fub.js people "limit=10"

# Get person
node fub.js person 123

# Create a lead (triggers automations!)
node fub.js events create '{"source":"Website","system":{"name":"John Doe","email":"john@test.com","phone":"5551234567"}}'

# Add a note
node fub.js notes create '{"personId":123,"body":"Called - left voicemail"}'

# Create task
node fub.js tasks create '{"personId":123,"body":"Follow up","dueDate":"2026-02-20"}'

# Complete task
node fub.js tasks complete 456

# Log a text (NOT sent - recorded!)
node fub.js textmessages create '{"personId":123,"body":"Hey!","direction":"outbound"}'

# Log a call
node fub.js calls create '{"personId":123,"direction":"outbound","outcome":"voicemail"}'

# Search
node fub.js search "john"

Important Notes

  • Text/Email Logging: The API can log texts and emails but cannot actually send them. Use FUB's built-in texting or integrations like SendHub for sending.
  • Rate Limits: GET /events: 20 req/10 sec, All else: 250 req/10 sec

Comments

Loading comments...