openclaw-crm

by frank-bot07 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
622
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install openclaw-crm
Description
Local-first CRM for managing leads, deals, follow-ups, and pipelines via CLI using SQLite with WAL mode.
Usage Guidance
Before installing:
  1. Inspect the interchange behavior — src/interchange.js writes state/deals .md files that include contact names, emails and deal values. If your workspace/interchange directory is shared with other agents or users, this will expose PII and monetary data. If you do not want that, modify or disable the refresh/write functions.
  2. Verify the referenced writeMd import (../../interchange/src/index.js) exists in your environment or replace it with a local writer; the relative import looks like it will fail unless an interchange package is present at that path.
  3. Run npm install in an isolated environment or container: better-sqlite3 builds native modules and may require build tools.
  4. Audit dependencies (npm audit) and review package-lock.json for unexpected packages.
  5. Be aware backups copy .db, .wal, .shm files — secure those files and their destinations.
  6. If you plan to let agents run this autonomously, explicitly confirm which interchange files will be published and who/what can read workspace/interchange; the code currently writes sensitive state data which could be picked up by other agents.
If you want, I can point to the specific lines that produce interchange/deal content and suggest small code edits to redact sensitive fields.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-crm
Version: 1.0.0

The skill is classified as suspicious due to a critical vulnerability in its `backup` command, located in `src/cli.js` and `src/backup.js`. The `--output <path>` option for `crm backup` allows an attacker (via prompt injection to the agent) to specify an arbitrary absolute file path. This enables the skill to write the database backup files (`.db`, `.db-wal`, `.db-shm`) to any location on the filesystem, potentially overwriting sensitive system files (e.g., `/etc/passwd.db`, `/etc/cron.d/malicious_job.db`). While the skill itself does not exhibit malicious intent, this arbitrary file write capability represents a significant security flaw that could be exploited for system compromise.
Capability Assessment
Purpose & Capability
Name/description and the included code (SQLite-backed CLI, contacts/deals/follow-ups, reports, backup/restore) are consistent. No unexpected external credentials, binaries, or network clients are requested. However, the README and interchange comments make mixed claims about what interchange files will contain (an assertion that 'ops' outputs contain no deal values or contact info contrasts with code that writes state/deal files containing contact emails and deal values). This is a design/policy inconsistency worth noting.
Instruction Scope
SKILL.md instructs running `npm install` and `node src/cli.js refresh` and to use an exec tool to run CLI commands. That is expected for a CLI skill, but the code writes Markdown 'interchange' files into an interchange/ directory and those files include contact names, emails and deal values in state/deals files — which could leak sensitive data to any consumer of the workspace/interchange path. Also src/interchange.js imports writeMd from '../../interchange/src/index.js' (a relative path outside the package) which may be unresolved at runtime; this mismatch between documentation, filesystem locations, and imports is suspicious and should be validated before use.
Install Mechanism
There is no formal install spec in registry metadata (instruction-only skill), but SKILL.md and package.json require running `npm install`. Dependencies are normal npm packages (better-sqlite3, commander, uuid) and package-lock.json is included. Installing will fetch from the public npm registry and better-sqlite3 may build native artifacts; this is common but means extra caution (build tools, native binaries). No downloads from obscure URLs were observed.
Credentials
The skill declares no required environment variables or credentials and the code doesn't read external secrets. That aligns with a local-first CRM.
Persistence & Privilege
Skill is not marked always:true and does not request elevated platform privileges. It writes files under its own data/interchange paths and copies DB files for backups — normal for a local CLI tool.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install openclaw-crm
  3. After installation, invoke the skill by name or use /openclaw-crm
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: Local-first CRM. 10 tests.
Metadata
Slug openclaw-crm
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is openclaw-crm?

Local-first CRM for managing leads, deals, follow-ups, and pipelines via CLI using SQLite with WAL mode. It is an AI Agent Skill for Claude Code / OpenClaw, with 622 downloads so far.

How do I install openclaw-crm?

Run "/install openclaw-crm" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is openclaw-crm free?

Yes, openclaw-crm is completely free (open-source). You can download, install and use it at no cost.

Which platforms does openclaw-crm support?

openclaw-crm is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created openclaw-crm?

It is built and maintained by frank-bot07 (@frank-bot07); the current version is v1.0.0.
