Downloads: 2731
Stars: 0
Active Installs: 7
Versions: 1
Install in OpenClaw
/install salesforce
Description
Query and manage Salesforce CRM data via the Salesforce CLI (`sf`). Run SOQL/SOSL queries, inspect object schemas, create/update/delete records, bulk import/export, execute Apex, deploy metadata, and make raw REST API calls.
Usage Guidance
This skill appears to be what it says: a wrapper around the Salesforce CLI. Before installing, consider:
1) The CLI will require you to authenticate to a Salesforce org; those credentials (access tokens, refresh tokens, JWT key files, sfdx auth URLs) are sensitive — avoid exposing them to an agent you don't trust.
2) The skill can run destructive operations (create/update/delete, deploy, execute Apex). Only enable autonomous invocation if you want the agent to act on your org without manual approval.
3) Installing @salesforce/cli via npm may require elevated privileges and will run normal npm install scripts — if you prefer, install the official CLI yourself from developer.salesforce.com and keep credential files under your control.
4) If you need higher assurance, verify the npm package source and ownership before installing and prefer interactive (web) login flows over embedding keys in files where possible.
Capability Analysis
Type: OpenClaw Skill
Name: salesforce
Version: 1.0.0
The skill provides extensive and high-risk capabilities for interacting with Salesforce, including executing arbitrary Apex code, making raw REST/GraphQL API calls, and performing bulk data operations (create, update, delete) via the `sf` CLI. While the `SKILL.md` includes explicit guardrails instructing the AI agent to seek user confirmation for destructive actions, the inherent power of these commands (e.g., `sf apex run`, `sf api request rest`) means that a compromised agent or a malicious user could cause significant harm. There is no clear evidence of intentional malicious behavior or prompt injection designed to bypass these guardrails within the skill's definition itself, but the broad permissions and powerful actions classify it as suspicious.
Capability Assessment
Purpose & Capability
Name and description describe Salesforce CLI operations; the skill requires the 'sf' binary and provides an npm install for @salesforce/cli which legitimately supplies that binary. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
SKILL.md contains detailed sf CLI commands for queries, record create/update/delete, Apex execution, metadata deploys, and multiple authentication flows. These instructions are within the skill's stated scope. They explicitly reference sensitive actions and outputs (access tokens, refresh tokens, JWT key files) and correctly note that authentication is required and that some commands reveal sensitive info. The agent will be able to run commands that read local auth files (e.g., server.key, authUrl.txt) and display tokens — this is expected behavior but important for users to know.
Install Mechanism
Install uses the official-looking npm package @salesforce/cli to provide the 'sf' binary, and the README also points to developer.salesforce.com. Installing via npm is a standard, reasonable approach. Note: a global npm install may require elevated permissions and runs package postinstall scripts like any npm package.
Credentials
The skill declares no required environment variables or config paths, which is consistent because authentication is performed via the CLI at runtime. However, the instructions reference local credential artifacts (JWT key files, sfdx auth URL files) and commands that surface tokens; those are sensitive but appropriate for a Salesforce CLI integration. Users should be aware the agent will be able to access any credential files it is directed to use.
Persistence & Privilege
always:false and user-invocable:true (with normal autonomous invocation allowed) — typical and appropriate. The skill does not request system-wide persistence or modification of other skills. Caution: if the agent is granted Salesforce credentials, autonomous invocation could allow it to perform destructive changes in the org; that is an operational risk, not an incoherence.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install salesforce
- After installation, invoke the skill by name or use /salesforce
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: comprehensive Salesforce CLI (sf) skill covering SOQL/SOSL queries, record CRUD, bulk operations, Apex execution, REST API, metadata deployment, and schema inspection.
Frequently Asked Questions
What is Salesforce Skill?
Query and manage Salesforce CRM data via the Salesforce CLI (`sf`). Run SOQL/SOSL queries, inspect object schemas, create/update/delete records, bulk import/export, execute Apex, deploy metadata, and make raw REST API calls. It is an AI Agent Skill for Claude Code / OpenClaw, with 2731 downloads so far.
How do I install Salesforce Skill?
Run "/install salesforce" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Salesforce Skill free?
Yes, Salesforce Skill is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Salesforce Skill support?
Salesforce Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Salesforce Skill?
It is built and maintained by ArvorCo (@arvorco); the current version is v1.0.0.