Description

Customer support via Crisp API. Use when the user asks to check, read, search, or respond to Crisp inbox messages. Requires Crisp website ID and plugin token (authenticated via environment variables CRISP_WEBSITE_ID, CRISP_TOKEN_ID, and CRISP_TOKEN_KEY).

README (SKILL.md)

Crisp Customer Support

Name: Crisp Skill
Author: paul-phan

Crisp is a customer support platform. Use this skill when the user needs to:

Check for new messages in the inbox
Read conversation history
Search conversations
Send replies to customers
Check conversation status

Credentials

Crisp requires authentication via HTTP headers with a token identifier and key (Basic Auth), plus the website ID for the API URL.

Set these as environment variables (stored securely, never logged):

CRISP_WEBSITE_ID - Your website identifier (e.g., 0f4c...)
CRISP_TOKEN_ID - Your Plugin Token Identifier (e.g., e47d...)
CRISP_TOKEN_KEY - Your Plugin Token Key (e.g., a7d7...)

Common Workflows

Check Inbox Status

scripts/crisp.py inbox list --page 1

Read Conversation

scripts/crisp.py conversation get \x3Csession_id>

Get Messages in Conversation

scripts/crisp.py messages get \x3Csession_id>

Send a Reply

scripts/crisp.py message send \x3Csession_id> "Your reply text here"

Search Conversations

scripts/crisp.py conversations search "query terms" --filter unresolved --max 10

Mark as Read

scripts/crisp.py conversation read \x3Csession_id>

Resolve Conversation

scripts/crisp.py conversation resolve \x3Csession_id>

API Reference

Key endpoints used:

GET /v1/website/{website_id}/conversations/{page} - List conversations
GET /v1/website/{website_id}/conversation/{session_id} - Get conversation details
GET /v1/website/{website_id}/conversation/{session_id}/messages - Get messages
POST /v1/website/{website_id}/conversation/{session_id}/message - Send message
PATCH /v1/website/{website_id}/conversation/{session_id}/read - Mark as read
PATCH /v1/website/{website_id}/conversation/{session_id} - Update/resolve

Base URL: https://api.crisp.chat

Notes

Always ask before sending customer replies to confirm tone/content
Check for meta.email in conversation for customer email
Verify CRISP_WEBSITE_ID, CRISP_TOKEN_ID, and CRISP_TOKEN_KEY are set before running commands
Use --json flag for script output when parsing programmatically

Usage Guidance

This skill's code and docs match its claimed Crisp inbox functionality and it only needs Crisp plugin credentials, but the registry metadata incorrectly states that no environment variables are required — treat that as a red flag. Before installing: 1) Confirm you trust the skill owner/source (no homepage provided). 2) Verify the full script (the provided listing here was partially truncated) to ensure there are no hidden network calls or logging of secrets. 3) Create a Crisp plugin token with the minimum required scopes and prefer short-lived or revocable tokens; avoid placing tokens in long-lived shell profiles on shared machines. 4) Be aware the CLI can print full API responses (which may include visitor emails, IPs, or other metadata) so avoid running it in logs or screenshots where sensitive data could leak. 5) If you rely on automated policy checks, request that the registry metadata be corrected to declare CRISP_WEBSITE_ID, CRISP_TOKEN_ID, and CRISP_TOKEN_KEY (and the 'requests' dependency) before enabling the skill.

Capability Analysis

Type: OpenClaw Skill Name: crisp Version: 1.0.0 The OpenClaw AgentSkills skill bundle for Crisp customer support is benign. The `scripts/crisp.py` script correctly uses environment variables for API authentication (CRISP_WEBSITE_ID, CRISP_TOKEN_ID, CRISP_TOKEN_KEY) and communicates solely with the official Crisp API at `https://api.crisp.chat`. There is no evidence of data exfiltration, malicious command execution, persistence mechanisms, or prompt injection attempts in `SKILL.md` or `README.md` that would lead to unauthorized actions or data access beyond the stated purpose of managing Crisp conversations.

Capability Assessment

ℹ Purpose & Capability

The skill's name, README, SKILL.md, and script all describe Crisp inbox operations and use Crisp plugin credentials — that matches the stated purpose. However the registry metadata claims 'Required env vars: none' and 'Primary credential: none' while both SKILL.md and the script require CRISP_WEBSITE_ID, CRISP_TOKEN_ID, and CRISP_TOKEN_KEY. This metadata omission is an inconsistency that could mislead users or automated guards.

✓ Instruction Scope

The SKILL.md instructs the agent to call Crisp API endpoints (list conversations, get messages, send replies, mark read/resolve). The instructions only reference the Crisp API and the three environment variables; they do not ask the agent to read unrelated files or exfiltrate data to other endpoints. The README warns to store env vars securely and suggests installing 'requests'.

ℹ Install Mechanism

There is no install spec (instruction-only), which minimizes risk of arbitrary downloads. The script depends on the Python 'requests' package; the README instructs pip3 install requests. The registry metadata does not declare this dependency, which is a minor inconsistency to be aware of.

⚠ Credentials

The skill legitimately needs three Crisp credentials (website ID, token id, token key) and requests only those. However, the published metadata failed to list any required environment variables or primary credential — this mismatch is concerning because automated policy checks or users may not realize sensitive tokens are required or used. Also note that the README suggests adding tokens to shell profiles, which can persist secrets in plain text and may be inappropriate for some environments.

✓ Persistence & Privilege

The skill is not always-on and is user-invocable. It does not request system-wide persistence or modify other skills. Autonomous model invocation is allowed (default) but that is the platform norm and is not by itself flagged here.

Version History

v1.0.0

Initial release – integrates Crisp customer support API. - Supports checking inbox, reading/searching conversations, sending and marking replies, and resolving conversations. - Requires authentication via environment variables for website ID and plugin token. - Includes example CLI workflows and key API endpoint documentation. - Security notes: credentials are stored via environment variables and never logged. - Recommends confirmation before sending replies and provides usage best practices.

Metadata

Slug crisp

Version 1.0.0

License —

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Crisp Skill?

Customer support via Crisp API. Use when the user asks to check, read, search, or respond to Crisp inbox messages. Requires Crisp website ID and plugin token (authenticated via environment variables CRISP_WEBSITE_ID, CRISP_TOKEN_ID, and CRISP_TOKEN_KEY). It is an AI Agent Skill for Claude Code / OpenClaw, with 1875 downloads so far.

How do I install Crisp Skill?

Run "/install crisp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Crisp Skill free?

Yes, Crisp Skill is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Crisp Skill support?

Crisp Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Crisp Skill?

It is built and maintained by Minh Phan (Paul) (@paul-phan); the current version is v1.0.0.

More Skills

Crisp Skill