Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

CRM Entity Extraction

v1.0.4

Standard Operating Procedure (SOP) that bridges extraction logic to CRM append operations via atomic nodes.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for zvirb/crm-entity-extraction.

Install the skill "CRM Entity Extraction" (zvirb/crm-entity-extraction) from ClawHub.
Skill page: https://clawhub.ai/zvirb/crm-entity-extraction
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: gog
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install crm-entity-extraction

ClawHub CLI

npx clawhub@latest install crm-entity-extraction

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

! Purpose & Capability
The skill claims to extract CRM entities and append rows to Google Sheets (or equivalent), which would normally require access/credentials to the target CRM/Sheets. However the registry metadata lists a required binary 'gog' that is never referenced in the SKILL.md and no environment variables/credentials are declared. The presence of an unexplained binary requirement is disproportionate to the stated purpose.
Instruction Scope
SKILL.md stays within a simple two-step SOP (call an 'LLM-Extract-JSON' atomic node, then a 'Google Sheets Append Row' atomic node) with verification and retry logic. However it is vague about how the source email/note is supplied or accessed and it instructs the agent to include exact error outputs when retrying — which could surface sensitive data if not sanitized. The use of sub-agents/atomic nodes is expected but the data-flow and access boundaries are underspecified.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing will be downloaded or written at install time. That minimizes install-time risk.
! Credentials
No environment variables or primary credential are declared even though the procedure requires appending to Google Sheets (which normally needs OAuth/service-account credentials). The skill also demands a named binary ('gog') that has no explained role. Either credentials are handled out-of-band by the platform (possible) or the skill is missing required declarations — this mismatch is concerning.
Persistence & Privilege
The skill does not request 'always: true' and uses the platform default for autonomous invocation. It does not request system-wide persistence in its metadata. Autonomy is normal for skills, but weigh it together with the other inconsistencies if you need caution.
What to consider before installing
Do not enable this skill until the author clarifies two things: (1) why the 'gog' binary is required and what it does, and (2) how Google Sheets/CRM credentials are supplied and what least-privilege scopes are used. Ask whether the atomic nodes (LLM-Extract-JSON and Google Sheets Append Row) run on a trusted platform and whether error outputs are sanitized. If you must test, run in a sandbox account with limited-sheet permissions and sample data, and require explicit approval for any production credential usage.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Bins: gog
latestvk9764qqe4d3rthxahwvycx299n85qqss
98 downloads
0 stars
5 versions
Updated 9h ago
v1.0.4
MIT-0

Lean Philosophy (Principles)

  • Kaizen (改善): This workflow relies entirely on discrete, single-responsibility atomic nodes rather than a monolithic loop.
  • Standardized Work (Hyojun Sagyo): This node represents a strict, step-by-step Standard Operating Procedure (SOP) for data extraction and persistence.
  • Jidoka (自働化): Includes autonomous self-healing loops with hard verification stops between every step.

CRM Entity Extraction SOP

This procedure guides the agent to extract structured data and append it to a CRM spreadsheet using explicitly defined atomic nodes.

Cognitive Directives

WHEN [A business-related email or note containing CRM data is received] THEN [ Follow this strict Standard Operating Procedure:

Step 1: Entity Extraction

  • Execute the LLM-Extract-JSON atomic skill to extract structured entities (name, org, date).
  • Jidoka Stop: Check if the sub-agent returns a valid JSON object matching the requested schema. IF it returns unstructured text, instruct the skill to format correctly and retry. Do NOT proceed until valid JSON is acquired.

Step 2: Append to CRM

  • Execute the Google Sheets Append Row (or equivalent) atomic node, passing the extracted JSON row.
  • Jidoka Stop: Verify the atomic node returns a successful JSON confirmation. IF the API request fails, retry up to 3 times with the exact error output. IF it still fails, report the error and STOP. ]

Expected Output

A JSON summary of the extracted data and the successful append confirmation.
