Description

Salesforce CRM integration for SDR teams - query accounts/contacts/leads, check duplicates, create or update records including Opportunity pipeline edits. OA...

README (SKILL.md)

Salesforce CRM - SDR Operations

Name: Salesforce Fast integrations
Author: sawera557

Authentication: OAuth token-only. No password credentials required or supported.
Write Safety: All CRM writes require interactive YES confirmation. No bypass flags.
Audit: All operations logged to ~/.salesforce_skill_audit.log (treat as sensitive data).

Security Model

Every write operation requires 4 confirmations before touching Salesforce:

User prompt
  → 1. Object allowlist (only 5 permitted: Account, Contact, Lead, Opportunity, Task)
  → 2. Field allowlist (per-object restricted fields)
  → 3. Diff preview (shows OLD → NEW values with ⚠️ HIGH IMPACT warnings)
  → 4. Interactive confirmation (type YES - no bypass)
  → Salesforce API
  → 5. Audit log (sensitive data - protect this file)

Read operations (SOQL queries) never modify data but may return sensitive CRM information. Treat all query results as confidential.

Authentication Setup (OAuth Token-Only)

This skill uses OAuth tokens exclusively. Password-based authentication is NOT supported.

Step 1: Create Salesforce Connected App

Setup > App Manager > New Connected App
Enable OAuth Settings
Callback URL: https://login.salesforce.com/services/oauth2/success
Scopes: Select only api and refresh_token (do NOT add full or web)
Save and note Client ID and Client Secret

Step 2: Get OAuth Access Token

Use OAuth 2.0 authorization code flow or password flow (via external tool) to obtain an access token.

Example using cURL (password flow - for initial setup only):

curl -X POST https://login.salesforce.com/services/oauth2/token \
  -d "grant_type=password" \
  -d "client_id=YOUR_CLIENT_ID" \
  -d "client_secret=YOUR_CLIENT_SECRET" \
  -d "[email protected]" \
  -d "password=YOUR_PASSWORD_AND_SECURITY_TOKEN"

Response contains access_token and instance_url.

Step 3: Set Environment Variables

# Store in your shell profile or secrets manager — never hardcode values
# SF_ACCESS_TOKEN → obtained from sf_auth.py or your OAuth flow
# SF_INSTANCE_URL → e.g. https://yourorg.my.salesforce.com

Security: Store these in a secrets manager or .env file. Never commit to version control.

Step 4: Create Least-Privilege Integration User

Never use a personal admin account.

Setup > Users > New User
Username: [email protected]
Profile: "Minimum Access - Salesforce"
API Only User: Yes

Step 5: Create Permission Set

Name: SDR_Skill_Integration

Object Permissions:

Account: Read, Create, Edit (no Delete, no View All, no Modify All)
Contact: Read, Create, Edit
Lead: Read, Create, Edit
Opportunity: Read, Edit (no Create, no Delete - prevents creating fake pipeline)
Task: Read, Create, Edit

Field-Level Security (Opportunity - restrict to safe fields):

✅ StageName, CloseDate, Description, Type, LeadSource
✅ Custom R&D fields (R_D_Credit_Estimate__c, etc.)
❌ Amount (excluded - financial risk)
❌ Probability (excluded - forecast manipulation)

How to Use

Read Operations (Always Safe)

Check if "Acme Engineering" in California exists in Salesforce
Get full details for Account 001XX000003DHP0
Find 10 unscreened manufacturing companies in Texas
Find CEO and CFO for Account 001XX000003DHP0

Security: Query results may contain sensitive CRM data (emails, phone numbers, revenue, notes). Treat as confidential.

Write Operations (Require Confirmation)

Create Account for "Acme Engineering" - Industry: Engineering, Employees: 150
Update Account 001XX000003DHP0 - R_D_Screening_Status__c: Strong Candidate
Update Opportunity 006XX000005XYZ1 - StageName: Closed Won

Every write shows:

Transparency notice (what objects are writable)
Diff preview (OLD → NEW values)
⚠️ HIGH IMPACT warnings for forecast-affecting fields
Interactive prompt: "Type YES to proceed"

No bypass flags. Every write requires manual confirmation.

Permitted Objects & Fields

Object	Access	Writable Fields	Excluded (Too Risky)
Account	read/write	Name, Industry, Address, Phone, R&D screening fields	-
Contact	read/write	Name, Email, Phone, Title, Department	-
Lead	read/write	Name, Company, Status, Source, Email, Phone	-
Opportunity	read/write	StageName, CloseDate, Description, Type, R&D custom fields	Amount, Probability
Task	read/write	Subject, Date, Status, Priority, Description	-

Opportunity Amount and Probability are intentionally excluded to prevent accidental revenue forecast corruption.

Audit Log Security

Location: ~/.salesforce_skill_audit.log

Contains sensitive data:

Record IDs
Field names and values (old + new)
Timestamps
User actions

Recommendations:

Protect with file permissions: chmod 600 ~/.salesforce_skill_audit.log
Define retention policy (e.g., rotate monthly)
Exclude from backups if CRM data is highly sensitive
Review regularly for unauthorized changes

Example entry:

{
  "timestamp": "2026-05-07T00:00:00Z",
  "action": "update",
  "object": "Opportunity",
  "record_id": "006XX0",
  "old_values": {"StageName": "Prospecting"},
  "new_values": {"StageName": "Closed Won"},
  "result": "success"
}

SOQL Query Examples

Duplicate Detection (Read-Only)

SELECT Id, Name, Website, Owner.Name
FROM Account
WHERE Name LIKE '%Acme%'
AND BillingCountry = 'United States'
LIMIT 10

Get Screening Queue (Read-Only)

SELECT Id, Name, Industry, NumberOfEmployees, BillingState
FROM Account
WHERE R_D_Screening_Status__c = NULL
AND NumberOfEmployees >= 50
ORDER BY CreatedDate ASC
LIMIT 25

Find Decision Makers (Read-Only)

SELECT Id, Name, Title, Email, Phone
FROM Contact
WHERE AccountId = '001XX0'
AND (Title LIKE '%CEO%' OR Title LIKE '%CFO%')

Error Handling

Error	Cause	Fix
`INVALID_FIELD`	Field doesn't exist or wrong API name	Check `__c` suffix for custom fields
`DUPLICATE_VALUE`	Duplicate rule triggered	Run duplicate check first
`INSUFFICIENT_ACCESS`	Missing permissions	Contact Salesforce admin
`Object not permitted`	Object not on allowlist	Use only: Account, Contact, Lead, Opportunity, Task
`Rejected fields`	Field not on allowlist	Remove field or request allowlist update

Upgrade Instructions

From v1.x or v2.0 to v2.1:

Step 1: Backup Current Skill

# Create timestamped backup
cp -r ~/.openclaw/skills/salesforce-crm-sdr \
     ~/.openclaw/skills/salesforce-crm-sdr.backup.$(date +%Y%m%d)

Step 2: Verify Backup

# Confirm backup exists before proceeding
ls -la ~/.openclaw/skills/salesforce-crm-sdr.backup.*

Step 3: Remove Old Version (User Confirmation Required)

# ⚠️  DESTRUCTIVE OPERATION - Confirm you want to delete the old skill
# Type the full command below ONLY if you verified the backup above:

read -p "Type 'DELETE' to remove old skill: " confirm
if [ "$confirm" = "DELETE" ]; then
  rm -rf ~/.openclaw/skills/salesforce-crm-sdr
  echo "✅ Old skill removed"
else
  echo "❌ Cancelled - old skill preserved"
fi

Step 4: Install v2.1

cp -r salesforce-crm-sdr-final ~/.openclaw/skills/salesforce-crm-sdr

Step 5: Update Environment Variables

# Remove old password-based vars if present
unset SF_USERNAME SF_PASSWORD SF_SECURITY_TOKEN SF_CLIENT_ID SF_CLIENT_SECRET

# Obtain a fresh OAuth token and set env vars
# SF_CLIENT_ID, SF_CLIENT_SECRET, SF_USERNAME, SF_PASSWORD must be set first, then:
eval $(python3 scripts/sf_auth.py --export)

Step 6: Test

# Test read operation (safe)
python3 ~/.openclaw/skills/salesforce-crm-sdr/scripts/salesforce_query.py \
  "SELECT Id, Name FROM Account LIMIT 5"

What's New in v2.1

Change	Reason
Removed `salesforce_auth.py`	Eliminated password-based auth confusion
Removed `--yes` flag	All writes require interactive confirmation
Added user confirmation to delete commands	Prevents accidental skill deletion
Declared `credentials-type: oauth-token` in metadata	ClawHub transparency
Added audit log security notice	Sensitive data protection guidance
Aligned all docs to OAuth-only	Consistent authentication model

Support

Issues: https://github.com/sprx-tech/salesforce-crm-sdr/issues
Docs: See references/REFERENCE.md for quick reference
Security: Report vulnerabilities to [email protected]

License: MIT
Version: 2.1.0
Last Updated: May 7, 2026

Usage Guidance

Review before installing. If you use it, create a dedicated least-privilege Salesforce integration user, avoid personal/admin credentials, prefer non-password OAuth flows, verify the registry credential declarations, and confirm every write only after checking the preview.

Capability Analysis

Type: OpenClaw Skill Name: salesforce-easy Version: 1.0.5 The Salesforce CRM SDR skill bundle is a legitimate tool designed for sales development workflows, featuring comprehensive documentation and robust safety controls. It implements a multi-layered security model for write operations, including object/field allowlisting, diff previews, and mandatory interactive user confirmation in `sf_upsert.py`. While the scripts are vulnerable to SOQL injection due to unsanitized input in query construction (e.g., in `sf_query.py` and `sf_duplicate_check.py`), these appear to be unintentional implementation flaws rather than malicious intent. The bundle follows good practices such as using OAuth tokens and enforcing restrictive file permissions (chmod 600) on its audit logs.

Capability Tags

requires-oauth-tokenrequires-sensitive-credentials

Capability Assessment

ℹ Purpose & Capability

The Salesforce read/write capabilities are coherent with an SDR CRM skill and are mostly disclosed, including query, duplicate-check, account/contact/lead/task updates, and Opportunity pipeline edits.

⚠ Instruction Scope

The instructions repeatedly claim OAuth-token-only/no-password authentication, while the included setup and auth helper use Salesforce username/password plus security token. That mismatch affects user trust and credential handling.

ℹ Install Mechanism

There is no install spec and no auto-install behavior; however the registry requirements under-declare the local Python/script and credential environment needed to run the skill.

⚠ Credentials

The skill can operate with delegated Salesforce credentials and read/write access to business CRM records, including Opportunity stages and other account data; this is purpose-aligned but high-impact and should be tightly scoped.

ℹ Persistence & Privilege

The skill writes a local audit log containing old and new CRM values. This is disclosed and chmod 600 is attempted, but the file should still be treated as sensitive.

Version History

v1.0.5

No changes detected in this version. - No file changes were made compared to the previous release. - Functionality, configuration, and documentation remain unchanged.

v1.0.4

- Migrated all core Salesforce API scripts to new `sf_*.py` modules with updated names (e.g., `sf_auth.py`, `sf_query.py`, `sf_upsert.py`). - Removed legacy script files with old naming conventions (`salesforce_auth.py`, `salesforce_query.py`, etc.). - Updated SKILL.md to emphasize OAuth token-only authentication, strict write safety (interactive YES required for all writes), and audit logging. - Clarified field/object allowlists and explicitly excluded risk-sensitive Opportunity fields (Amount, Probability) from writes. - Modernized documentation for authentication, permissions setup, and improved error handling guidance.

v1.0.3

Version 1.0.3 of salesforce-easy - No file changes detected in this release. - No updates to features, functionality, or documentation. - Behavior and interface remain unchanged from the previous version.

v1.0.2

**Major update: Opportunity objects are now fully writable (can edit pipeline and forecasts).** - Opportunity permissions updated from read-only to read-write; edits to pipeline and forecast are now possible. - Permission requirements adjusted: Opportunity now requests full read-write. - Skill description clarified to highlight Opportunity pipeline edit capability. - Version bumped to 2.0.0 to reflect expanded write access. - No changes to usage or security confirmation flow.

v1.0.1

Security, permissions, and audit enhancements added in v1.1.0: - Introduced a defense-in-depth security model with object/field allowlist checks, dry-run previews, confirmation gate, and audit logging for every write operation. - Added detailed setup guidance for least-privilege integration user, permissions, and token-only authentication. - Expanded permissions and credentials requirements section for clarity and safety. - Read operations remain zero risk; all writes enforced through multi-layer safety and explicit user confirmation. - New support for dry-run write previews, requiring a "yes" response before data is modified. - Improved documentation and transparency about access scopes and security practices.

v1.0.0

- Initial release of Salesforce CRM skill for SDR operations. - Provides real-time duplicate detection, record creation, updates, and SOQL query templates. - Supports detailed account and contact lookups, screening workflow management, and queue handling. - Outlines step-by-step guidance for SDRs: from duplicate checking to decision-maker discovery. - Includes best practices for SOQL, API usage, and error handling. - Specific workflows for screening, updating, disqualification, and queue management.

Metadata

Slug salesforce-easy

Version 1.0.5

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 6

Frequently Asked Questions

What is Salesforce Fast integrations?

Salesforce CRM integration for SDR teams - query accounts/contacts/leads, check duplicates, create or update records including Opportunity pipeline edits. OA... It is an AI Agent Skill for Claude Code / OpenClaw, with 66 downloads so far.

How do I install Salesforce Fast integrations?

Run "/install salesforce-easy" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Salesforce Fast integrations free?

Yes, Salesforce Fast integrations is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Salesforce Fast integrations support?

Salesforce Fast integrations is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Salesforce Fast integrations?

It is built and maintained by Sawera Khadium (@sawera557); the current version is v1.0.5.

More Skills

Salesforce Fast integrations