← Back to Skills Marketplace
Pipedrive CRM (OpenClaw)
by
danielfoch
· GitHub ↗
· v0.1.0
666
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install pipedrive-crm-openclaw
Description
Manage Pipedrive CRM from OpenClaw using API v1, including people, organizations, deals, leads, activities, notes, pipelines, and custom endpoint actions. Us...
Usage Guidance
This skill appears to be a straightforward Pipedrive API helper: it needs either a PIPEDRIVE_API_TOKEN (query param auth) or a PIPEDRIVE_ACCESS_TOKEN (Bearer OAuth) and the PIPEDRIVE_COMPANY_DOMAIN. Before installing: (1) note the registry metadata currently does NOT declare these required environment variables or a primary credential — that's an information/visibility gap (not necessarily malicious, but unexpected). (2) Only provide a least-privilege API token or an OAuth token with minimal scopes needed for the operations you'll perform. (3) Review the included scripts (pipedrive-api.py and setup-wizard.py) yourself or run them in a safe environment: they only call pipedrive.com endpoints and do not exfiltrate data to any other domain. (4) If you need stronger assurance, ask the publisher to update registry metadata to declare required env vars and a primary credential; if that is corrected and you validate the code, the skill would appear coherent and reasonable.
Capability Analysis
Type: OpenClaw Skill
Name: pipedrive-crm-openclaw
Version: 0.1.0
The skill is classified as suspicious due to the `request` command in `scripts/pipedrive-api.py`, which allows the AI agent to make arbitrary HTTP requests (method, path, query, body) to the Pipedrive API. While this feature is intended for full API coverage and is explicitly documented in `SKILL.md` with safety guidelines, it presents a significant vulnerability to prompt injection. An attacker could potentially craft a prompt to instruct the agent to use this command to access sensitive Pipedrive endpoints, perform unauthorized destructive actions, or exfiltrate data if the `PIPEDRIVE_API_BASE` environment variable is misconfigured to an attacker-controlled domain, as API tokens are automatically included in all requests.
Capability Assessment
Purpose & Capability
The skill's name, description, SKILL.md, and scripts all consistently implement a Pipedrive API helper (CRUD, search, pipeline movement, raw request passthrough). However the registry metadata lists no primary credential or required environment variables even though the code and documentation clearly expect PIPEDRIVE_API_TOKEN or PIPEDRIVE_ACCESS_TOKEN and PIPEDRIVE_COMPANY_DOMAIN. That metadata omission is an inconsistency.
Instruction Scope
SKILL.md and the scripts limit actions to Pipedrive API calls and setup prompts. Runtime instructions do not direct the agent to read unrelated local files, system credentials, or call external endpoints beyond Pipedrive. Safety rules in SKILL.md explicitly warn not to echo raw tokens.
Install Mechanism
No install spec or third-party downloads; the skill is instruction/code-only and uses only stdlib Python (urllib). No remote installers or archives are fetched.
Credentials
The skill legitimately requires secrets (PIPEDRIVE_API_TOKEN or PIPEDRIVE_ACCESS_TOKEN) and PIPEDRIVE_COMPANY_DOMAIN, but the registry metadata declares none and does not set a primary credential. That mismatch reduces transparency and could lead a user to unknowingly provide credentials to an undeclared skill surface. The number and type of env vars requested by the code are proportionate to the stated purpose, but they are not surfaced in the declared requirements.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or global agent config, and runs only when invoked. It does not request elevated or persistent system privileges.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pipedrive-crm-openclaw - After installation, invoke the skill by name or use
/pipedrive-crm-openclaw - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release: full Pipedrive API v1 CRM skill with setup wizard, CRUD/search helpers, stage moves, notes, and raw endpoint passthrough.
Metadata
Frequently Asked Questions
What is Pipedrive CRM (OpenClaw)?
Manage Pipedrive CRM from OpenClaw using API v1, including people, organizations, deals, leads, activities, notes, pipelines, and custom endpoint actions. Us... It is an AI Agent Skill for Claude Code / OpenClaw, with 666 downloads so far.
How do I install Pipedrive CRM (OpenClaw)?
Run "/install pipedrive-crm-openclaw" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Pipedrive CRM (OpenClaw) free?
Yes, Pipedrive CRM (OpenClaw) is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Pipedrive CRM (OpenClaw) support?
Pipedrive CRM (OpenClaw) is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Pipedrive CRM (OpenClaw)?
It is built and maintained by danielfoch (@danielfoch); the current version is v0.1.0.
More Skills