← Back to Skills Marketplace
w7tf

Twenty CRM

by w7tf · GitHub ↗ · v0.0.2
darwinlinux ✓ Security Clean
286
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install 20-crm
Description
Interact with Twenty CRM (self-hosted) via REST/GraphQL.
README (SKILL.md)

Twenty CRM

Interact with your self-hosted Twenty instance via REST and GraphQL.

Config

Set these env vars directly, or place them in config/twenty.env:

  • TWENTY_BASE_URL (e.g. https://crm.example.com or http://localhost:3000)
  • TWENTY_API_KEY (Bearer token)

Scripts auto-load config/twenty.env relative to this skill. You can override the path with TWENTY_CONFIG_FILE.

Runtime Requirements

  • curl
  • python3

Commands

Low-level helpers

  • REST GET: skills/twenty-crm/scripts/twenty-rest-get.sh "/companies" 'filter={"name":{"ilike":"%acme%"}}' "limit=10" "offset=0"

  • REST POST: skills/twenty-crm/scripts/twenty-rest-post.sh "/companies" '{"name":"Acme"}'

  • REST PATCH: skills/twenty-crm/scripts/twenty-rest-patch.sh "/companies/\x3Cid>" '{"employees":550}'

  • REST DELETE: skills/twenty-crm/scripts/twenty-rest-delete.sh "/companies/\x3Cid>"

  • GraphQL: skills/twenty-crm/scripts/twenty-graphql.sh 'query { companies(limit: 5) { totalCount } }'

Common objects (examples)

  • Create company: skills/twenty-crm/scripts/twenty-create-company.sh "Acme" "acme.com" 500
  • Find companies by name: skills/twenty-crm/scripts/twenty-find-companies.sh "acme" 10

Notes

  • Twenty supports both REST (/rest/...) and GraphQL (/graphql).
  • Object names/endpoints can differ depending on your workspace metadata and Twenty version.
  • Auth tokens can be short-lived depending on your setup; refresh if you get 401.

Security

  • Keep TWENTY_API_KEY out of git and avoid storing it in shared/world-readable files.
  • If you use config/twenty.env, prefer restrictive permissions (for example chmod 600 config/twenty.env).
  • Pass REST query parameters as separate key=value arguments; do not append raw query strings to REST paths.
Usage Guidance
This skill appears to do what it says: it sends REST/GraphQL requests to the configured Twenty CRM and expects TWENTY_BASE_URL and TWENTY_API_KEY. Before installing/using: (1) ensure the registry metadata accurately lists TWENTY_BASE_URL and TWENTY_API_KEY so you know what secrets are required; (2) keep your config file (config/twenty.env) out of version control and use restrictive permissions (chmod 600); (3) set TWENTY_CONFIG_FILE if you want the config outside the repo; (4) only pass trusted JSON as the GraphQL variables argument (the script inserts it verbatim into the request body); (5) inspect the scripts in your environment before running them to confirm they point only to your CRM endpoint. If you need higher assurance, run the scripts in an isolated environment or review network traffic to confirm no unexpected hosts are contacted.
Capability Analysis
Type: OpenClaw Skill Name: 20-crm Version: 0.0.2 The skill bundle provides a well-structured and security-conscious interface for interacting with a Twenty CRM instance. It includes robust input validation in `scripts/twenty-config.sh` (e.g., `validate_rest_path`) and uses Python to safely encode JSON payloads and query parameters, preventing injection vulnerabilities. The README.md explicitly documents security hardening measures taken to address previous flaws, and there is no evidence of malicious intent, data exfiltration, or unauthorized execution.
Capability Assessment
Purpose & Capability
The skill is for interacting with a self-hosted Twenty CRM and the included scripts only call the CRM's REST or GraphQL endpoints. Requiring a base URL and API key (TWENTY_BASE_URL, TWENTY_API_KEY) and tools (curl, python3) is appropriate. Note: the registry metadata provided earlier lists no required env vars, but SKILL.md and the scripts clearly expect TWENTY_BASE_URL and TWENTY_API_KEY — this is an inconsistency in metadata, not in runtime behavior.
Instruction Scope
Runtime instructions and scripts stay within the CRM domain: they source a repo-relative config file (or TWENTY_CONFIG_FILE), validate REST paths, URL-encode query parameter values, and send requests to the configured TWENTY_BASE_URL. The GraphQL helper builds a JSON body and accepts an optional variables JSON string; that variables argument is included verbatim and therefore must be valid JSON (not a cross-service exfiltration vector by itself). There is no code that reads unrelated system files or sends data to external endpoints other than the configured CRM.
Install Mechanism
This skill is instruction/script-only (no external install/download). No third-party packages are pulled at install time; the scripts rely on curl and python3 already being available. This is low-risk from install-source perspective.
Credentials
The secrets requested (TWENTY_BASE_URL and TWENTY_API_KEY) are proportional and expected for a CRM integration. However, the skill registry metadata omitted these required env vars while SKILL.md and scripts declare/require them — the metadata mismatch should be corrected so users know which secrets will be needed.
Persistence & Privilege
The skill does not request elevated persistence (always:false) and does not attempt to modify other skills or system-wide agent settings. It only reads a per-skill config file if present. Autonomous invocation is allowed (platform default) but not combined with other concerning factors.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install 20-crm
  3. After installation, invoke the skill by name or use /20-crm
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.0.2
- Added runtime requirements section: now documents the need for curl and python3. - Updated metadata to specify environment variables and binary requirements. - Introduced a new security section with advice on protecting API keys and using restrictive permissions. - Clarified how to pass REST query parameters securely.
v0.0.1
twenty-crm 0.0.1 - Initial release of the skill for interacting with self-hosted Twenty CRM via REST and GraphQL. - Provides low-level helper scripts for REST GET, POST, PATCH, DELETE, and GraphQL queries. - Includes example scripts for common operations like creating companies and searching by name. - Supports flexible configuration via environment variables or a config file. - Compatible with Darwin and Linux systems.
Metadata
Slug 20-crm
Version 0.0.2
License
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Twenty CRM?

Interact with Twenty CRM (self-hosted) via REST/GraphQL. It is an AI Agent Skill for Claude Code / OpenClaw, with 286 downloads so far.

How do I install Twenty CRM?

Run "/install 20-crm" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Twenty CRM free?

Yes, Twenty CRM is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Twenty CRM support?

Twenty CRM is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux).

Who created Twenty CRM?

It is built and maintained by w7tf (@w7tf); the current version is v0.0.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments