ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CRM Engine

v1.0.0

Full CRM with accounts, leads, deals, contacts, pipelines, and work orders — built for AI agents.

0· 90·0 current·0 all-time
by@cameron48

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for cameron48/mcf-crm-engine.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "CRM Engine" (cameron48/mcf-crm-engine) from ClawHub.
Skill page: https://clawhub.ai/cameron48/mcf-crm-engine
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install mcf-crm-engine

ClawHub CLI

Package manager switcher

npx clawhub@latest install mcf-crm-engine
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match the SKILL.md: endpoints cover accounts, leads, deals, contacts, pipelines, and work orders. The declared gateway URL aligns with the stated API-based CRM purpose, and there are no unrelated binaries, installs, or env vars requested.
!
Instruction Scope
SKILL.md only instructs calling specific HTTP endpoints at the listed gateway, which is in-scope for a CRM. However the payment requirement (x402 / USDC on Base L2) is underspecified: there are no instructions for how to initiate or sign payments, no contract/address info, and no auth token flow. That vagueness could cause an agent to prompt for wallet credentials, private keys, or to attempt automated on-chain payments without clear guardrails. The skill also transmits potentially sensitive CRM data to an external gateway of unknown provenance.
Install Mechanism
Instruction-only skill with no install spec and no code files — minimal local surface area and nothing is written to disk by an installer.
Credentials
No environment variables or credentials are requested, which is consistent with a pay-per-call API. But because payment is required, real-world integration will likely require a wallet or signing mechanism (not declared). The absence of declared credentials makes the payment/authentication model unclear and therefore disproportionate in operational ambiguity.
Persistence & Privilege
The skill is not always-on and is user-invocable (normal). However, the platform-default allowance for autonomous invocation combined with a pay-per-call API increases risk: an autonomous agent could make repeated paid calls (or attempt payments) unless agent autonomy is constrained.
What to consider before installing
This skill appears to be a legitimate API-driven CRM, but there are important unknowns you should resolve before enabling it: - Gateway trust: the skill points to https://gateway.mcfagentic.com. Verify the operator, privacy policy, and SLA. Do not send real customer data until you trust the endpoint. - Payment flow: the SKILL.md says calls require x402 (USDC on Base). Ask the author for explicit instructions: smart contract addresses, how to include payment in requests, and whether the skill will ever ask for private keys or wallet seed phrases. Never provide private keys or seed phrases to the agent or skill. - Test with limits: if you enable it, run tests with synthetic data and the smallest possible payment or a sandbox environment. Monitor and limit spend (rate limits, daily caps) if possible. - Restrict autonomy: consider disabling autonomous invocation or require explicit user approval for actions that may incur cost. Log and review every outbound call until you’re confident. - Data protection: the skill will send PII (contacts, emails) to the external gateway; ensure this is acceptable under your privacy/compliance rules. If the vendor cannot clearly document the payment/auth flow and provide verifiable identity for the gateway, treat the integration as high risk and avoid enabling it for production data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b1hcq8veedzsdr78cg95fch840j7y
90downloads
0stars
1versions
Updated 3w ago
v1.0.0
MIT-0
@cameron48
latest
Download

CRM Engine

A complete CRM system designed for autonomous AI agents. Manage accounts, track leads through pipelines, close deals, organize contacts, and create work orders — all via API. Built to be the persistent memory layer for sales and service agents.

Authentication

All endpoints require x402 payment (USDC on Base L2). Send a request without payment to receive pricing info in the 402 response.

Endpoints

Create Account

  • Method: POST
  • Path: /api/crm/accounts
  • Price: $0.05 per call
  • Description: Create a new business account in the CRM.

Request:

{
  "name": "Comfort Zone HVAC",
  "industry": "HVAC",
  "website": "comfortzonehvac.com",
  "phone": "214-555-0142",
  "address": "1200 Commerce St, Dallas, TX 75201",
  "tags": ["prospect", "hvac", "dallas"]
}

Response:

{
  "id": "acc_8x2kf9",
  "name": "Comfort Zone HVAC",
  "created_at": "2026-04-01T14:30:00Z",
  "status": "active"
}

Manage Leads

  • Method: POST
  • Path: /api/crm/leads
  • Price: $0.05 per call
  • Description: Create or update a lead. Leads track prospective clients through qualification stages.

Request:

{
  "account_id": "acc_8x2kf9",
  "contact_name": "Mike Torres",
  "email": "mike@comfortzonehvac.com",
  "source": "ai-pipeline",
  "stage": "qualified",
  "score": 85,
  "notes": "Needs scheduling automation, no current CRM"
}

Response:

{
  "id": "lead_3m7np2",
  "account_id": "acc_8x2kf9",
  "stage": "qualified",
  "score": 85,
  "created_at": "2026-04-01T14:31:00Z"
}

Manage Deals

  • Method: POST
  • Path: /api/crm/deals
  • Price: $0.05 per call
  • Description: Create or update a deal. Track revenue opportunities through your sales pipeline.

Request:

{
  "lead_id": "lead_3m7np2",
  "account_id": "acc_8x2kf9",
  "title": "AI Scheduling Bundle - Comfort Zone HVAC",
  "value": 5964,
  "currency": "USD",
  "stage": "proposal",
  "close_date": "2026-04-15"
}

Response:

{
  "id": "deal_9k4rt1",
  "title": "AI Scheduling Bundle - Comfort Zone HVAC",
  "value": 5964,
  "stage": "proposal",
  "pipeline_id": "pipe_default"
}

Manage Contacts

  • Method: POST
  • Path: /api/crm/contacts
  • Price: $0.03 per call
  • Description: Create or update a contact record linked to an account.

Request:

{
  "account_id": "acc_8x2kf9",
  "first_name": "Mike",
  "last_name": "Torres",
  "email": "mike@comfortzonehvac.com",
  "phone": "214-555-0142",
  "role": "Owner"
}

Response:

{
  "id": "con_5h8jw3",
  "account_id": "acc_8x2kf9",
  "full_name": "Mike Torres",
  "role": "Owner"
}

List Pipelines

  • Method: GET
  • Path: /api/crm/pipelines
  • Price: $0.02 per call
  • Description: List all sales pipelines and their stages.

Request:

GET /api/crm/pipelines

Response:

{
  "pipelines": [
    {
      "id": "pipe_default",
      "name": "Default Sales Pipeline",
      "stages": ["prospect", "qualified", "proposal", "negotiation", "closed-won", "closed-lost"]
    }
  ]
}

Create Work Order

  • Method: POST
  • Path: /api/crm/work-orders
  • Price: $0.05 per call
  • Description: Create a work order tied to an account or deal. Track deliverables, tasks, and service fulfillment.

Request:

{
  "account_id": "acc_8x2kf9",
  "deal_id": "deal_9k4rt1",
  "title": "Set up AI scheduling system",
  "description": "Deploy scheduling engine, configure availability, train staff",
  "priority": "high",
  "due_date": "2026-04-20"
}

Response:

{
  "id": "wo_2n6qp8",
  "title": "Set up AI scheduling system",
  "status": "open",
  "priority": "high",
  "created_at": "2026-04-01T14:35:00Z"
}

Use Cases

  • An AI sales agent closes a deal and needs to create the account, contact, and work order automatically
  • A lead-gen pipeline deposits qualified leads directly into the CRM for follow-up
  • An autonomous agent tracks deal progression and updates stages based on email replies
  • A service agent creates work orders when contracts are signed
  • An analytics agent pulls pipeline data to forecast revenue

Pricing

EndpointPriceDescription
/api/crm/accounts$0.05Create or update accounts
/api/crm/leads$0.05Create or update leads
/api/crm/deals$0.05Create or update deals
/api/crm/contacts$0.03Create or update contacts
/api/crm/pipelines$0.02List pipelines and stages
/api/crm/work-orders$0.05Create or update work orders

Comments

Loading comments...