ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Heleni Personal CRM

v1.0.0

Personal CRM built on monday.com. Tracks contacts, last interactions, next meetings, and topics. Runs daily to update from Calendar + email. Delivers pre-mee...

0· 111·0 current·0 all-time
byNetanel Abergel@netanel-abergel

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for netanel-abergel/heleni-personal-crm.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Heleni Personal CRM" (netanel-abergel/heleni-personal-crm) from ClawHub.
Skill page: https://clawhub.ai/netanel-abergel/heleni-personal-crm
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install heleni-personal-crm

ClawHub CLI

Package manager switcher

npx clawhub@latest install heleni-personal-crm
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill claims to be a monday.com-based personal CRM but its runtime steps require Google Calendar/Gmail credentials and the ability to update a monday.com board and send WhatsApp messages. The registry metadata declares no required credentials or config paths, which is inconsistent with the described operations.
!
Instruction Scope
SKILL.md explicitly sources a .context file and reads /opt/ocana/openclaw/.gog/credentials.json to refresh a Google access token, calls the Google Calendar API via curl, updates monday.com via platform tools, and instructs sending WhatsApp messages — all actions that access local secrets and external services but are not limited or explained in the manifest.
Install Mechanism
This is instruction-only with no install spec or downloads, which minimizes installation risk. However it instructs adding a cron job (persistent scheduled runs), so runtime scheduling is part of its expected system presence.
!
Credentials
The skill expects access to local files containing Google credentials (.gog/credentials.json) and a .context file with board IDs and owner contact details, but the skill metadata did not declare any required env vars or config paths. Reading those files would expose sensitive tokens and personal contact data with no declared justification or least-privilege controls.
Persistence & Privilege
always is false (good), but the skill recommends scheduling itself via openclaw cron. A scheduled skill that can read local credential files and call external APIs increases the blast radius — confirm scheduling scope and runtime account isolation before enabling.
What to consider before installing
Do not enable this skill until the author clarifies and limits its required secrets and file access. Ask the maintainer to: (1) declare required environment variables and config paths (Google Calendar/Gmail credentials, monday.com API token, WhatsApp integration credentials) in the registry metadata; (2) explain exactly how WhatsApp messages are sent and what credentials are used; (3) provide minimal scopes (e.g., calendar read-only, monday.com access restricted to the specific board and columns) and an option to use per-skill credentials rather than global system credentials; (4) show the contents or format of the .context file and confirm it contains no extra secrets; (5) document where credentials are stored, who can read them, and how to revoke/rotate them. If you must test, run the skill in an isolated session with throwaway credentials and audit network calls and file reads. Because the SKILL.md explicitly instructs sourcing files under /opt, treat that as access to sensitive local data until proven otherwise.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eccbhq0gajxtvkqwvpezpts84bc72
111downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
Netanel Abergel@netanel-abergel
latest
Download

Load Local Context

CONTEXT_FILE="/opt/ocana/openclaw/workspace/skills/personal-crm/.context"
[ -f "$CONTEXT_FILE" ] && source "$CONTEXT_FILE"
# Then use: $CRM_BOARD_ID, $OWNER_EMAIL, etc.

Personal CRM Skill

CRM נבנה על monday.com — ללא integrations חדשות. מבוסס על Calendar API + gog Gmail.

Board Structure

  • Board: Personal CRM — Netanel (ID in .context)
  • Columns: Name | Email | Phone | Role | Last Contact | Next Meeting | Relationship | Notes | Last Topic
  • Groups: Leadership | Team | External

Daily CRM Sync (run as part of morning-briefing or standalone cron)

Step 1 — Fetch today's calendar events

# Use Calendar API directly (gog CLI auth is broken — use credentials.json)
# See calendar-setup skill for full auth flow
ACCESS_TOKEN=$(...)  # refresh from /opt/ocana/openclaw/.gog/credentials.json

TODAY=$(date -u +%Y-%m-%d)
TOMORROW=$(date -u -d '+1 day' +%Y-%m-%d 2>/dev/null || date -u -v+1d +%Y-%m-%d)

curl -s "https://www.googleapis.com/calendar/v3/calendars/netanelab%40monday.com/events?timeMin=${TODAY}T00:00:00Z&timeMax=${TOMORROW}T00:00:00Z&singleEvents=true&orderBy=startTime" \
  -H "Authorization: Bearer $ACCESS_TOKEN"

Step 2 — For each meeting attendee

  1. Search CRM board by name/email
  2. If found → update "Last Contact" to today, update "Last Topic" with meeting title
  3. If not found → create new contact item
  4. If meeting is upcoming (>now) → update "Next Meeting" date

Step 3 — Update monday.com

Use change_item_column_values tool:
- date_mm242bkk = Last Contact date
- date_mm24fnmn = Next Meeting date  
- text_mm24jwh8 = Last Topic (meeting title / email subject)

Pre-Meeting Briefing

Run before each meeting (integrate into morning-briefing skill):

For each meeting today with external attendees:

  1. Fetch contact from CRM board
  2. Pull: Last Contact, Last Topic, Notes, Role
  3. Format briefing:
📋 Meeting Prep: [Meeting Title] at [TIME]

Attendees:
• [Name] — [Role]
  Last spoke: [Last Contact date] | Topic: [Last Topic]
  Notes: [Notes field]
  [No history] if first time

Send to Netanel via WhatsApp before the meeting (30 min prior if possible).

Manual Query

When Netanel asks "מה אני יודע על X" or "מתי דיברתי עם X":

  1. Search CRM board by name (use get_board_items_page with searchTerm)
  2. Return: Role, Last Contact, Next Meeting, Last Topic, Notes
  3. If not in CRM → say so, offer to add

Adding a New Contact

When a new person appears in meetings or email:

  1. Create item in board with: Name, Email/Phone (if known), Role
  2. Set Last Contact = today
  3. Set Last Topic = how they were encountered (meeting title or email subject)

Cron Setup

Add to morning-briefing or as standalone:

openclaw cron add \
  --name "crm-daily-sync" \
  --every 24h \
  --session isolated \
  --message "Run personal-crm skill: sync today's calendar events to CRM board, update Last Contact and Next Meeting for all attendees. If new contacts found, add them. Silent if no changes." \
  --timeout-seconds 120

.context File Template

# personal-crm/.context
CRM_BOARD_ID="18407279559"
OWNER_EMAIL="netanelab@monday.com"
OWNER_PHONE="+972548834688"
GOG_CREDS="/opt/ocana/openclaw/.gog/credentials.json"

# Column IDs
COL_EMAIL="email_mm24sjhq"
COL_PHONE="phone_mm244na6"
COL_ROLE="text_mm24dn6c"
COL_LAST_CONTACT="date_mm242bkk"
COL_RELATIONSHIP="color_mm24z8s8"
COL_NOTES="long_text_mm24yvyb"
COL_NEXT_MEETING="date_mm24fnmn"
COL_LAST_TOPIC="text_mm24jwh8"

Cost Tips

  • Cheap: reading from monday.com board
  • Calendar sync: once per day max (not per heartbeat)
  • Pre-meeting briefing: only if meeting has external attendees
  • No LLM needed for sync — only for generating briefing text

Comments

Loading comments...