AI Customer Service Automation
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: ai-customer-service-automation Version: 1.0.0 The provided files consist solely of metadata and documentation for an AI customer service automation skill. There is no executable code, and the instructions in SKILL.md are purely descriptive of the service's features and configuration without any malicious prompt injection or harmful commands.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
It could send incorrect messages to customers or create business tickets without a clear human review gate.
The skill directs automatic customer responses and automatic ticket creation, but the artifacts do not provide limits, approvals, rate controls, or rollback guidance for these business-impacting actions.
✅ 智能问答:自动回复 80% 常见问题 ✅ 工单系统:复杂问题自动创建工单 ... ticket: provider: jira autoCreate: true
Require explicit user approval before production replies or ticket creation, define allowed channels/providers, use sandbox testing first, and document escalation and rollback procedures.
Users may connect broad business accounts without understanding what permissions the skill needs or what actions it can take.
These integrations imply delegated access to third-party customer-service, messaging, and ticketing accounts, while the registry metadata declares no credential contract or permission scope.
provider: jira # or feishu/dingtalk ... channels: - feishu - wechat - telegram
Declare exact credential types and scopes, use least-privilege bot or service accounts, document revocation, and avoid connecting production accounts until implementation details are reviewed.
Customer conversations, policies, or other sensitive business information could be absorbed into future answers without clear controls.
The skill indicates persistent use of historical conversations and knowledge-base files, but does not define import scope, exclusions, storage, retention, redaction, or cross-task reuse.
✅ 知识库同步:自动学习历史对话
...
knowledgeBase:
files:
- ./docs/faq.md
- ./docs/policy.pdfLimit approved source files and conversation sets, redact personal data, define storage and retention rules, and require user review before adding new material to the knowledge base.
Users cannot verify how the advertised automation and integrations are actually implemented from the provided artifacts.
The package points to an implementation file, but the provided manifest contains no index.js and there is no install spec. This is a completeness/provenance gap rather than direct evidence of hidden malicious code.
"main": "index.js"
Provide the reviewed implementation files or remove the stale entry point, document provenance, and declare any dependencies or runtime integration requirements.