← Back to Skills Marketplace

Pans Crm Sync

Name: Pans Crm Sync
Author: dashiming

by dashiming · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install pans-crm-sync

Description

AI算力销售 CRM 同步工具。对接 Salesforce 和 HubSpot 双平台，自动同步客户状态、更新 Pipeline、生成 CRM 报表，支持双向/增量同步和冲突检测与解决。触发词：CRM同步, 客户同步, Salesforce, HubSpot, pipeline同步, 客户状态更新, CRM...

Usage Guidance

This skill appears to do what it says (sync Salesforce and HubSpot), but the registry metadata failing to declare required environment variables is a warning sign — the code expects sensitive credentials (Salesforce username/password/security token and HubSpot API key). Before installing or running: 1) review the full script (you already have it) to confirm there are no hidden endpoints; 2) run it in an isolated environment (or container) and avoid using production/high-privilege credentials — create and use least-privilege API tokens or a test account; 3) be aware you'll need to pip install external SDKs (verify their provenance); 4) consider rotating credentials after use and monitor API/activity logs for unexpected access. If the registry entry will be published, ask the maintainer to update the metadata to list the required env vars so the requirement is transparent.

Capability Analysis

Type: OpenClaw Skill Name: pans-crm-sync Version: 1.0.0 The skill bundle provides legitimate CRM synchronization functionality for Salesforce and HubSpot, but it contains a SOQL injection vulnerability in scripts/crm.py. Specifically, the query_salesforce function directly interpolates the 'email' argument into a SOQL query string using f-strings, which could allow for unauthorized data access if provided with crafted input. No evidence of intentional malice or data exfiltration to third-party domains was found.

Capability Tags

requires-sensitive-credentials

Capability Assessment

ℹ Purpose & Capability

The skill's name/description (Salesforce + HubSpot CRM sync) matches the code and runtime instructions: it queries contacts, updates pipeline stages, and supports sync/query/update operations. Requiring Salesforce username/password/security token and a HubSpot API key is appropriate for this purpose. However, the registry metadata lists no required environment variables or primary credential, which is inconsistent with the SKILL.md and the script.

✓ Instruction Scope

SKILL.md and scripts/crm.py confine actions to interacting with Salesforce and HubSpot APIs, printing results, and optionally writing output JSON to a user-specified file. There are no instructions to read unrelated system files, exfiltrate data to arbitrary endpoints, or perform other out-of-scope actions.

ℹ Install Mechanism

There is no formal install spec (instruction-only), which minimizes automatic code installation risk. The README asks users to run pip install simple-salesforce and hubspot-api-client — expected for this functionality but means external packages will be installed at runtime. Those are standard SDKs, not obscure hosts, but pip installs always carry supply-chain risk.

⚠ Credentials

The code requires sensitive credentials (SALESFORCE_USERNAME, SALESFORCE_PASSWORD, SALESFORCE_SECURITY_TOKEN, HUBSPOT_API_KEY) — appropriate for the stated integrations — but the registry metadata declares no required environment variables or primary credential. This mismatch is an incoherence: the skill will prompt for or expect secrets even though the registry advertises none. Users should be aware and ensure they only provide least-privilege credentials.

✓ Persistence & Privilege

The skill is not always-enabled and does not request elevated platform privileges. It does not modify other skills or system-wide settings. Autonomous invocation is permitted (platform default) but not combined with other high-risk flags.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install pans-crm-sync
After installation, invoke the skill by name or use /pans-crm-sync
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release of pans-crm-sync. - Supports Salesforce and HubSpot CRM platforms. - Enables automated, bidirectional, and incremental customer data synchronization. - Updates Pipeline states and generates CRM reports. - Includes conflict detection and resolution. - Provides a CLI for syncing, updating, and querying customer records.

Metadata

Slug pans-crm-sync

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Pans Crm Sync?

AI算力销售 CRM 同步工具。对接 Salesforce 和 HubSpot 双平台，自动同步客户状态、更新 Pipeline、生成 CRM 报表，支持双向/增量同步和冲突检测与解决。触发词：CRM同步, 客户同步, Salesforce, HubSpot, pipeline同步, 客户状态更新, CRM... It is an AI Agent Skill for Claude Code / OpenClaw, with 58 downloads so far.

How do I install Pans Crm Sync?

Run "/install pans-crm-sync" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Pans Crm Sync free?

Yes, Pans Crm Sync is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Pans Crm Sync support?

Pans Crm Sync is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Pans Crm Sync?

It is built and maintained by dashiming (@dashiming); the current version is v1.0.0.

More Skills