Sales Rhythm Tracker — Alibaba Iron Army B2B Pipeline

This skill appears to do what it says: local, markdown-based pipeline management using a set of bash scripts. It does not contact external servers or ask for credentials. Before installing, consider these practical points: - Data exposure: Pipeline entries and activity logs are stored as plain text under ~/.openclaw/workspace/sales. If you will store real leads (PII, company data, deal values), ensure that the host/user account and backups are secure (encrypted disk, proper file permissions). - Agent output: The scripts and SKILL.md instruct the agent to read and print pipeline contents. If your agent forwards messages or integrates with networked services (chat apps, email, calendar), pipeline data could be transmitted externally. Only allow this skill if you trust the agent's messaging endpoints. - Local execution: The scripts perform simple file writes and use standard utilities (mkdir, cat, echo, date, tail). They do not execute user-supplied strings as shell commands, but they do write user-supplied text into markdown without sanitization. Avoid pasting untrusted content that could confuse downstream tooling. - Pairing with other skills: The README suggests integrations (calendar, voice-to-text). Those companion skills may introduce network access; review them separately if you plan to enable integrations. If you need stronger protections, consider running the workspace on an encrypted home directory, restricting file permissions (chmod 700), or adapting the scripts to encrypt/decrypt the markdown files.