Twenty CRM

Author: w7tf · GitHub · v0.0.2
darwin, linux ✓ Security check passed
Total downloads: 286
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install 20-crm
Description
Interact with Twenty CRM (self-hosted) via REST/GraphQL.
Usage (SKILL.md)

Twenty CRM

Interact with your self-hosted Twenty instance via REST and GraphQL.

Config

Set these env vars directly, or place them in config/twenty.env:

  • TWENTY_BASE_URL (e.g. https://crm.example.com or http://localhost:3000)
  • TWENTY_API_KEY (Bearer token)

Scripts auto-load config/twenty.env relative to this skill. You can override the path with TWENTY_CONFIG_FILE.

Runtime Requirements

  • curl
  • python3

Commands

Low-level helpers

  • REST GET: skills/twenty-crm/scripts/twenty-rest-get.sh "/companies" 'filter={"name":{"ilike":"%acme%"}}' "limit=10" "offset=0"

  • REST POST: skills/twenty-crm/scripts/twenty-rest-post.sh "/companies" '{"name":"Acme"}'

  • REST PATCH: skills/twenty-crm/scripts/twenty-rest-patch.sh "/companies/<id>" '{"employees":550}'

  • REST DELETE: skills/twenty-crm/scripts/twenty-rest-delete.sh "/companies/<id>"

  • GraphQL: skills/twenty-crm/scripts/twenty-graphql.sh 'query { companies(limit: 5) { totalCount } }'

Common objects (examples)

  • Create company: skills/twenty-crm/scripts/twenty-create-company.sh "Acme" "acme.com" 500
  • Find companies by name: skills/twenty-crm/scripts/twenty-find-companies.sh "acme" 10

Notes

  • Twenty supports both REST (/rest/...) and GraphQL (/graphql).
  • Object names/endpoints can differ depending on your workspace metadata and Twenty version.
  • Auth tokens can be short-lived depending on your setup; refresh if you get 401.

Security

  • Keep TWENTY_API_KEY out of git and avoid storing it in shared/world-readable files.
  • If you use config/twenty.env, prefer restrictive permissions (for example chmod 600 config/twenty.env).
  • Pass REST query parameters as separate key=value arguments; do not append raw query strings to REST paths.
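
The reason for the last rule, as an added example that is not the skill's own code: when each key=value argument is percent-encoded separately, a value containing `&`, `=` or `#` cannot add or override parameters, and a path that carries its own query string is rejected. The function name, the path allow-list and the `/rest` prefix handling are assumptions made for illustration.

```python
import re
from urllib.parse import quote, urlsplit

# Assumed allow-list (not the skill's own rule): "/"-separated segments made of
# letters, digits, "_" and "-". This excludes "?", "#", "&", "..", "//" and "%".
_SAFE_PATH = re.compile(r"(/[A-Za-z0-9_-]+)+")


def build_rest_url(base_url, path, *pairs):
    """Build <base>/rest<path>?<encoded query>; raise ValueError on unsafe input."""
    base = urlsplit(base_url)
    if base.scheme not in ("http", "https") or not base.netloc:
        raise ValueError("TWENTY_BASE_URL must be an absolute http(s) URL")
    if base.query or base.fragment:
        raise ValueError("TWENTY_BASE_URL must not carry a query or fragment")
    if not _SAFE_PATH.fullmatch(path):
        raise ValueError(f"unsafe REST path: {path!r}")

    encoded = []
    for pair in pairs:
        # Split on the first "=" only, so the value may itself contain "=" or "&".
        key, sep, value = pair.partition("=")
        if not sep or not key:
            raise ValueError(f"expected key=value, got {pair!r}")
        # safe="" percent-encodes every reserved character, including "&" and "/".
        encoded.append(f"{quote(key, safe='')}={quote(value, safe='')}")

    url = f"{base_url.rstrip('/')}/rest{path}"
    return f"{url}?{'&'.join(encoded)}" if encoded else url


if __name__ == "__main__":
    # Constructed sample input mirroring the REST GET command line above.
    print(build_rest_url("http://localhost:3000", "/companies",
                         'filter={"name":{"ilike":"%acme%"}}', "limit=10"))
```
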
Security recommendations
This skill appears to do what it says: it sends REST/GraphQL requests to the configured Twenty CRM and expects TWENTY_BASE_URL and TWENTY_API_KEY. Before installing/using: (1) ensure the registry metadata accurately lists TWENTY_BASE_URL and TWENTY_API_KEY so you know what secrets are required; (2) keep your config file (config/twenty.env) out of version control and use restrictive permissions (chmod 600); (3) set TWENTY_CONFIG_FILE if you want the config outside the repo; (4) only pass trusted JSON as the GraphQL variables argument (the script inserts it verbatim into the request body); (5) inspect the scripts in your environment before running them to confirm they point only to your CRM endpoint. If you need higher assurance, run the scripts in an isolated environment or review network traffic to confirm no unexpected hosts are contacted.
Functional analysis
Type: OpenClaw Skill
Name: 20-crm
Version: 0.0.2
The skill bundle provides a well-structured and security-conscious interface for interacting with a Twenty CRM instance. It includes robust input validation in `scripts/twenty-config.sh` (e.g., `validate_rest_path`) and uses Python to safely encode JSON payloads and query parameters, preventing injection vulnerabilities. The README.md explicitly documents security hardening measures taken to address previous flaws, and there is no evidence of malicious intent, data exfiltration, or unauthorized execution.
Capability assessment
Purpose & Capability
The skill is for interacting with a self-hosted Twenty CRM and the included scripts only call the CRM's REST or GraphQL endpoints. Requiring a base URL and API key (TWENTY_BASE_URL, TWENTY_API_KEY) and tools (curl, python3) is appropriate. Note: the registry metadata provided earlier lists no required env vars, but SKILL.md and the scripts clearly expect TWENTY_BASE_URL and TWENTY_API_KEY — this is an inconsistency in metadata, not in runtime behavior.
Instruction Scope
Runtime instructions and scripts stay within the CRM domain: they source a repo-relative config file (or TWENTY_CONFIG_FILE), validate REST paths, URL-encode query parameter values, and send requests to the configured TWENTY_BASE_URL. The GraphQL helper builds a JSON body and accepts an optional variables JSON string; that variables argument is included verbatim and therefore must be valid JSON (not a cross-service exfiltration vector by itself). There is no code that reads unrelated system files or sends data to external endpoints other than the configured CRM.
Install Mechanism
This skill is instruction/script-only (no external install/download). No third-party packages are pulled at install time; the scripts rely on curl and python3 already being available. This is low-risk from install-source perspective.
Credentials
The secrets requested (TWENTY_BASE_URL and TWENTY_API_KEY) are proportional and expected for a CRM integration. However, the skill registry metadata omitted these required env vars while SKILL.md and scripts declare/require them — the metadata mismatch should be corrected so users know which secrets will be needed.
Persistence & Privilege
The skill does not request elevated persistence (always:false) and does not attempt to modify other skills or system-wide agent settings. It only reads a per-skill config file if present. Autonomous invocation is allowed (platform default) but not combined with other concerning factors.
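How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install 20-crm
  3. After installation, call the skill by name or trigger it with /20-crm
  4. Provide the required inputs according to the skill's parameter description to get structured output
Version history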
v0.0.2
  • Added runtime requirements section: now documents the need for curl and python3.
  • Updated metadata to specify environment variables and binary requirements.
  • Introduced a new security section with advice on protecting API keys and using restrictive permissions.
  • Clarified how to pass REST query parameters securely.
v0.0.1
twenty-crm 0.0.1
  • Initial release of the skill for interacting with self-hosted Twenty CRM via REST and GraphQL.
  • Provides low-level helper scripts for REST GET, POST, PATCH, DELETE, and GraphQL queries.
  • Includes example scripts for common operations like creating companies and searching by name.
  • Supports flexible configuration via environment variables or a config file.
  • Compatible with Darwin and Linux systems.
Metadata
Slug 20-crm
Version 0.0.2
License
Total installs 0
Current installs 0
Versions 2
FAQ

What is Twenty CRM?

Interact with Twenty CRM (self-hosted) via REST/GraphQL. It is an AI agent skill plugin for Claude Code / OpenClaw, with 286 total downloads so far.

How do I install Twenty CRM?

Run the command "/install 20-crm" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is required.

Is Twenty CRM free?

Yes, Twenty CRM is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Twenty CRM support?

Twenty CRM is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (darwin, linux).

Who develops Twenty CRM?

Developed and maintained by w7tf (@w7tf); the current version is v0.0.2.