ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

GHL CRM for Realtors

v1.0.0

Manage realtor tasks in GoHighLevel CRM including contact search and updates, pipeline tracking, messaging, calendar slots, and workflow enrollment via API v2.

2· 779·2 current·2 all-time
by@danielfoch

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for danielfoch/ghl-crm-for-realtors.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "GHL CRM for Realtors" (danielfoch/ghl-crm-for-realtors) from ClawHub.
Skill page: https://clawhub.ai/danielfoch/ghl-crm-for-realtors
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install ghl-crm-for-realtors

ClawHub CLI

Package manager switcher

npx clawhub@latest install ghl-crm-for-realtors
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code and SKILL.md are coherent with the stated purpose: both scripts interact only with GoHighLevel (services.leadconnectorhq.com) and implement contact, conversation, calendar, and opportunity endpoints. However, the registry metadata lists no required environment variables while the SKILL.md and both scripts clearly require HIGHLEVEL_TOKEN and HIGHLEVEL_LOCATION_ID. That metadata omission is an inconsistency that should be corrected.
Instruction Scope
Runtime instructions and scripts are narrowly scoped to the GHL API and related references; they do not attempt to read unrelated filesystem paths or contact unknown endpoints. Minor scope issues: references/troubleshooting.md shows example commands that echo $HIGHLEVEL_TOKEN (which would print the raw token), while SKILL.md's Safety Rules say 'Never print or echo raw tokens' — this contradiction could lead to accidental token exposure during debugging or by less-knowledgeable users.
Install Mechanism
No install spec; this is an instruction-only skill with included Python scripts using only standard library modules (urllib, json, re, etc.). There are no external downloads, package installers, or executable creation steps — low installation risk.
!
Credentials
The skill legitimately needs a Private Integration token (HIGHLEVEL_TOKEN) and a location ID (HIGHLEVEL_LOCATION_ID) to operate. These are sensitive credentials and are appropriately the only secrets required. However, the registry metadata failing to declare these env vars is a red flag for transparency. Also, the troubleshooting docs include examples that would print the token, increasing accidental exposure risk if users follow them without caution.
Persistence & Privilege
The skill does not request always:true or any elevated persistent platform privileges. It does not modify other skills or system-wide agent settings. It is user-invocable and allows autonomous invocation (platform default), which is expected for this kind of skill.
What to consider before installing
This skill looks like a plausible GHL integration, but take these precautions before installing: - Verify provenance: the source/homepage is unknown; confirm you trust the owner before supplying credentials. - Provide a dedicated Private Integration token with the minimum scopes needed (contacts.readonly, conversations.readonly/write, calendars, etc.) rather than a high-privilege account token. Rotate or revoke the token after testing. - Do not paste your token into chat or public logs. Although the setup script masks the token display, the troubleshooting docs include examples that echo $HIGHLEVEL_TOKEN — avoid running those echo commands publicly. - Because the registry metadata omits required env vars, ask the publisher to correct the manifest to declare HIGHLEVEL_TOKEN and HIGHLEVEL_LOCATION_ID so you can review permissions up front. - Test in a safe environment (a throwaway sub-account or token with limited scopes) before using this against production data. If you cannot verify the publisher or are uncomfortable supplying a token, do not install or run the scripts.

Like a lobster shell, security has layers — review code before you run it.

crmvk973e5ecrbsqq33ykhe6qp8tz981bvvgghlvk973e5ecrbsqq33ykhe6qp8tz981bvvglatestvk973e5ecrbsqq33ykhe6qp8tz981bvvgrealtorvk973e5ecrbsqq33ykhe6qp8tz981bvvg
779downloads
2stars
1versions
Updated 4h ago
v1.0.0
MIT-0
@danielfoch
crmghllatestrealtor
Download

GHL CRM for Realtors

Use this skill when a user wants realtor CRM actions in GoHighLevel (GHL), including lead follow-up, pipeline movement, appointment booking context, and messaging workflows.

Required Environment

Set these variables before running the scripts:

  • HIGHLEVEL_TOKEN (Private Integration token)
  • HIGHLEVEL_LOCATION_ID (sub-account location ID)

Optional runtime variables:

  • PYTHONUNBUFFERED=1

Setup

If the user asks to connect or set up GHL, run:

python3 scripts/setup-wizard.py

The wizard validates credentials and tests API connectivity.

Primary Script

Use the helper script for direct actions:

python3 scripts/ghl-api.py <command> [args...]

Common commands for realtor workflows:

  • test_connection
  • search_contacts [query]
  • get_contact [contact_id]
  • create_contact [json]
  • update_contact [contact_id] [json]
  • list_opportunities
  • list_pipelines
  • list_conversations
  • send_message [contact_id] [message]
  • list_calendars
  • get_free_slots [calendar_id] [start_date] [end_date]
  • list_workflows
  • add_to_workflow [contact_id] [workflow_id]

Realtor-Focused Playbooks

New Lead Intake

  1. search_contacts to prevent duplicates.
  2. If not found, create_contact with source tags (for example: buyer, zillow, open-house).
  3. Add next-step task/note using supported contact endpoints.

Pipeline Progress

  1. list_opportunities to inspect active deals.
  2. Move stage using the opportunity update command path in ghl-api.py.
  3. Confirm stage and status in response payload.

Follow-Up Messaging

  1. Resolve contact first (search_contacts or get_contact).
  2. Send message with send_message.
  3. Re-check conversation history with list_conversations.

Appointment Assist

  1. list_calendars
  2. get_free_slots for date range.
  3. Use the calendar endpoints in script for appointment creation if requested.

Safety Rules

  • Never print or echo raw tokens in chat output.
  • Prefer dry informational reads before write actions when intent is ambiguous.
  • Validate contact/opportunity IDs from GHL responses instead of guessing.
  • If an API error returns 401/403, stop and ask for corrected scopes or token.

References

Load these only as needed:

  • references/contacts.md
  • references/opportunities.md
  • references/conversations.md
  • references/calendars.md
  • references/troubleshooting.md

Comments

Loading comments...