Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

sf-business-data-export

v1.0.0

Export Salesforce business data into business-readable Excel files from natural-language requests. Use when pull large Salesforce datasets beyond Report limi...

0· 14·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill claims to export Salesforce data and the bundled scripts implement that (collect_metadata.py calls the Salesforce CLI, export_soap_to_excel posts SOAP to a Salesforce instance using an access token). However, the registry metadata lists no required environment variables, no primary credential, and no required config paths. A legitimate Salesforce export skill should declare that it needs Salesforce auth (CLI credentials or an auth JSON containing instance_url and access_token) and likely some Python packages.
Instruction Scope
SKILL.md and the scripts are focused on Salesforce metadata collection, SOQL generation, and export to Excel — that scope matches the description. But the runtime instructions implicitly require access to org auth (the preflight and collect_metadata scripts invoke `sf ... --json`) or to an auth JSON passed to export_soap_to_excel. The SKILL.md does not explicitly document how credentials are expected to be provided to the agent, which grants the agent broad discretion to run CLI commands or read local auth files during execution.
Install Mechanism
There is no install spec (instruction-only), which is low-risk for arbitrary downloads. However, the code imports third-party Python packages (requests, openpyxl) and depends on the Salesforce CLI (`sf`) being available; those dependencies are not declared in the registry metadata or installation instructions. That omission can lead to runtime failures or surprise attempts by a user/agent to install missing packages.
Credentials
The scripts require sensitive credentials (Salesforce access tokens / CLI-authenticated org access) and will send data to the Salesforce instance_url provided. Yet requires.env is empty and primary credential is none. The skill also reads and writes local files (describe JSON, auth JSON, output directories). Requesting high-scope access to Salesforce without declaring how secrets are obtained or protected is disproportionate.
Persistence & Privilege
The skill is not always-enabled and does not request special platform privileges. It writes outputs to configurable directories and does not modify other skills or global agent settings. Autonomous invocation is allowed by default but is not combined here with other high-risk privileges.
What to consider before installing
Before installing or running this skill: (1) expect to provide Salesforce credentials—either a logged-in Salesforce CLI environment or an auth JSON containing instance_url and access_token—because the scripts call `sf` and post SOAP requests; the registry metadata should declare this explicitly but does not. (2) Ensure the runtime has Python 3.9+ and the third-party packages (requests, openpyxl) installed, or add an install step. (3) Run the scripts with a least-privileged, read-only Salesforce account when testing, and check that any auth JSON files are stored securely (do not put long-lived access tokens in shared locations). (4) Review the code paths that call subprocess.run and requests.post to confirm that no unexpected external endpoints are contacted and no credentials can be exfiltrated in your environment. (5) Ask the maintainer to add explicit requirements (required env vars or config paths), an install spec for dependencies, and clear documentation of how credentials are consumed, so you can make an informed trust decision.


latest: vk971xq7s9ehg0p703b5207613d84b4g3
