Sfe Data Viewer
ReviewAudited by ClawScan on May 10, 2026.
Overview
This looks like a mostly read-only SFE data query tool, but it tells the agent to automatically install an unpinned authentication skill with --force before using business API credentials.
Before installing, verify that cms-auth-skills is the exact auth dependency you trust, do not allow automatic --force installation without approval, and use a least-privilege appKey for the intended tenant. Treat returned customer, project, task, plan, and actual-result data as sensitive business information.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could install or overwrite another skill before making data queries, creating a supply-chain and trust risk around the component that handles authentication.
The skill instructs the agent to install an authentication dependency at runtime from latest/GitHub sources using --force, without a pinned version or an explicit approval gate in the artifact.
如果未安装,先执行 `npx clawhub@latest install cms-auth-skills --force` ... 再执行 `npx clawhub@latest install https://github.com/spzwin/cms-auth-skills.git --force`
Require explicit user approval before installing dependencies, pin the auth skill to a trusted version/source, avoid --force unless necessary, and declare the dependency in the install/metadata contract.
Whoever controls the appKey and tenant selection controls what SFE customer, project, and sales-effectiveness data the agent can retrieve.
The skill relies on an appKey supplied through another auth skill to access business APIs. This is expected for the integration, but it is privileged access to enterprise data.
接口版本: 所有业务接口统一使用 `/erp-open-api/*` 前缀,通过 `appKey` 鉴权。... 当接口声明需要 `appKey` 时,先尝试读取 `cms-auth-skills/SKILL.md`
Use a least-privilege appKey, confirm the intended tenantId when multiple tenants exist, and avoid sharing returned data outside the authorized business context.
The agent may run included scripts to fetch potentially large amounts of authorized SFE data from the production API.
The skill requires local Python scripts to make API calls. This is consistent with the stated design, but users should trust and review the scripts because they mediate all API access.
调用 `scripts/<module>/<endpoint>.py` 执行接口调用... **所有接口调用必须通过脚本执行,不允许跳过脚本直接调用 API。**
Run scripts only for user-requested queries, review parameters before execution, and monitor large paginated requests.