Salesforce
v1.0.0Query Salesforce data and manage sales pipelines using the `sf` CLI. Use for SOQL queries (simple to complex), opportunity pipeline analysis, forecast reporting, data exports, schema exploration, and CRM data operations. Also use for executive workflows like looking up deals by name, finding contact info to email prospects, preparing pipeline reviews, and cross-referencing CRM data with other tools. Triggers on Salesforce, SOQL, pipeline, opportunity, forecast, CRM data, deal lookup, prospect email, account info, or sf CLI questions.
⭐ 1· 2.1k·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The skill's name, description, SKILL.md and script all focus on using the Salesforce 'sf' CLI to run SOQL queries, manage pipelines, and export schema/data — that matches the stated purpose. Minor inconsistency: the skill metadata lists no required binaries, but the instructions and included script assume 'sf' is installed and also use common Unix tools (jq, grep, jq in the script). Declaring 'sf' and 'jq' as required binaries would be expected.
Instruction Scope
SKILL.md explicitly instructs the agent to run 'sf' commands, to authenticate via 'sf org login web' if necessary, and to export results to CSV/JSON/markdown. The instructions do not ask the agent to read unrelated files or environment variables or to transmit data to unexpected external endpoints. They do direct creation of local export files (CSV/JSON/markdown) and rely on parsing tools (jq/grep).
Install Mechanism
There is no install spec (instruction-only) and only a small helper script is included. No downloads, package installs, or external installers are invoked by the skill itself — this is low-risk from an installation perspective.
Credentials
The skill declares no environment variables or credentials, which is consistent with using the local 'sf' CLI for auth. However, it implicitly requires authenticated Salesforce org access (OAuth tokens stored by 'sf') and read/write access to the org via the CLI. There is no justification for additional unrelated secrets. Users should be aware that the skill will operate with whatever org permissions the authenticated CLI user has (so least privilege / sandbox usage is recommended).
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not install persistent services. It will create/export local files when run (CSV/JSON/markdown), which is expected behavior for a data-export helper.
Assessment
This skill appears to be a normal helper for the Salesforce 'sf' CLI, but before installing or using it: 1) Ensure you have the 'sf' CLI installed and authenticated to the correct Salesforce org (and prefer a sandbox/test org for evaluation). 2) Install the small dependencies used in the examples/scripts (jq, grep) or expect the commands to fail if missing. 3) Recognize that the skill runs CLI queries under your existing 'sf' credentials — it can read and export org data to local files (CSV/JSON/markdown), so only grant it access to an account with appropriate (least) privilege. 4) If you will allow autonomous agent invocation, consider the risk of automatic exports of sensitive CRM data; restrict scope or test manually first. The main actionable fix for the publisher would be to declare required binaries ('sf', 'jq') in the metadata to remove the small metadata inconsistency.Like a lobster shell, security has layers — review code before you run it.
latestvk97e4wwga2rsehr3scn7mbdqv5800axvsalesforcevk97e4wwga2rsehr3scn7mbdqv5800axvsfdcvk97e4wwga2rsehr3scn7mbdqv5800axv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.