Back to skill
Skillv1.0.0
ClawScan security
Salesforce Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 1:42 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and instructions align with its stated Salesforce CLI purpose; nothing requested is disproportionate, but users should be careful with authentication files/keys and destructive operations.
- Guidance
- This skill appears to be what it claims — a wrapper for the Salesforce CLI. Before installing: - Install `sf` from the official Salesforce sources or the official @salesforce/cli package and verify package provenance. - Be careful with authentication files and tokens: JWT key files, SFDX auth URLs, and access tokens are sensitive and may be referenced by the commands; never paste them into chat or expose them to untrusted processes. - The skill can create/update/delete records. Ensure confirmation guardrails are enforced and consider restricting autonomous invocation if you do not want the agent to perform destructive actions without manual approval. - Avoid piping CLI output directly to network commands; SAFETY.md explicitly forbids data exfiltration via piping — follow the recommended local-export-and-manual-upload workflow. - If you require stricter controls, require manual approval for any org mutations and avoid installing CLI globally from unverified sources.
Review Dimensions
- Purpose & Capability
- okName/description match the actual runtime instructions and requirements: the skill uses the Salesforce CLI (`sf`) and the install spec installs @salesforce/cli to provide the `sf` binary. Required binaries and the npm install are consistent with a Salesforce CLI integration.
- Instruction Scope
- noteSKILL.md confines actions to `sf` commands (queries, schema inspection, create/update/delete, bulk export, REST calls). It documents authentication flows (web, JWT, access-token, sfdx-url) and explicitly warns about sensitive output. The instructions do include operations that can reveal tokens or require local secret files (jwt-key-file, sfdx-url file) and they permit destructive commands — SAFETY.md adds guardrails (explicit confirmation for mutations, refusal to pipe exports to network). Overall scoped to purpose, but be aware the skill will instruct use of local auth files and can perform mutating operations if confirmed.
- Install Mechanism
- okInstall uses the public npm package @salesforce/cli to provide `sf`, which is the standard distribution channel for Salesforce CLI. npm global installs have normal supply-chain considerations, but this install mechanism is proportionate and expected for this tooling.
- Credentials
- noteThe skill declares no required env vars or credentials, which is consistent because authentication is performed via `sf` commands, files, or tokens. However, the documented auth flows require sensitive material (client-id, jwt key file, access tokens, sfdx auth URL) that live on disk or are pasted into commands — users should not expose these to untrusted processes. The skill itself does not request unrelated credentials.
- Persistence & Privilege
- okalways is false and the skill is user-invocable; autonomous invocation is permitted (platform default). Because the skill can perform destructive org operations, confirmatory guardrails (present in SAFETY.md) are important — there is no evidence the skill self-enables or modifies other skills or system-wide settings.