Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Twenty CRM
v1.0.0 · Interact with Twenty CRM (self-hosted) via REST/GraphQL.
⭐ 0 · 2.3k · 5 current · 5 all-time
by @jhumanj
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The scripts match the stated purpose (curl + GraphQL/REST helpers). However, the skill does not declare the credentials it actually needs (TWENTY_BASE_URL, TWENTY_API_KEY), and the runtime config path is hardcoded to a developer-specific absolute path (/Users/jhumanj/clawd/config/twenty.env) rather than the relative config/twenty.env referenced in SKILL.md. This mismatch is inconsistent with, and not proportional to, the stated purpose.
Instruction Scope
SKILL.md instructs the user to create config/twenty.env (relative), but the runtime loader (scripts/twenty-config.sh) reads /Users/jhumanj/clawd/config/twenty.env. The scripts otherwise stay within scope (they only call the target TWENTY_BASE_URL endpoints using curl and call python3 locally). There is no obvious exfiltration to other endpoints, but the absolute config path means the skill may read an unexpected file on the host if present.
Install Mechanism
There is no install spec — this is instruction/script-only. Nothing is downloaded or extracted from the network by the skill itself. Scripts rely on common tools (bash, curl, python3) but no package installation is performed by the skill bundle.
Credentials
The skill requires sensitive data (TWENTY_API_KEY and TWENTY_BASE_URL) but does not declare any required environment variables in its metadata. Instead it expects those values to be present in a config file at an absolute path. Not declaring the credential requirements is a mismatch and increases the risk of misconfiguration or accidental exposure of secrets.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or global agent settings, and does not require persistent system-level installation. It runs only when invoked.
What to consider before installing
Key points to consider before installing or using this skill:
- Don’t assume the SKILL.md path is authoritative: the scripts actually try to load /Users/jhumanj/clawd/config/twenty.env. That is a hardcoded developer path and is inconsistent with SKILL.md (which says create config/twenty.env). Ask the author to fix the config path (make it relative or respect an env var) before using.
- Secrets are required but not declared: the scripts need TWENTY_BASE_URL and TWENTY_API_KEY. Keep that API key secret and avoid placing it in world-readable files. Prefer exporting them as environment variables or placing the config file in a secure location you control.
- Verify destination of requests: the scripts send the API key in an Authorization header to whatever TWENTY_BASE_URL you configure. Ensure that URL is your intended self-hosted instance (not a public or attacker-controlled endpoint).
- Operational notes: these scripts call curl and python3 and write one temporary JSON file to /tmp. They do not install extra software or contact other domains by themselves.
- Recommended actions: ask the skill author to (1) update twenty-config.sh to look for config/twenty.env (or respect an env var or relative path), (2) declare required env vars in the skill metadata, and (3) remove hardcoded user-specific paths. If you cannot get an updated version, inspect and locally modify the scripts to point to your own config path before running them.
Given these coherence issues (hardcoded config path and missing declared credentials), treat the skill as suspicious until those problems are resolved.
latest: vk9710700zr0pcvgf7qmgyv2pds7zh8p2
Runtime requirements
🗂️ Clawdis
OS: macOS · Linux
