openclaw-crm

Author: frank-bot07 · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 622
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw: /install openclaw-crm
Description
Local-first CRM for managing leads, deals, follow-ups, and pipelines via CLI using SQLite with WAL mode.
Safe-use recommendations
Before installing:
  1) Inspect the interchange behavior — src/interchange.js writes state/deals .md files that include contact names, emails and deal values. If your workspace/interchange directory is shared with other agents or users, this will expose PII and monetary data. If you do not want that, modify or disable the refresh/write functions.
  2) Verify the referenced writeMd import (../../interchange/src/index.js) exists in your environment or replace it with a local writer; the relative import looks like it will fail unless an interchange package is present at that path.
  3) Run npm install in an isolated environment or container: better-sqlite3 builds native modules and may require build tools.
  4) Audit dependencies (npm audit) and review package-lock.json for unexpected packages.
  5) Be aware backups copy .db, .wal, .shm files — secure those files and their destinations.
  6) If you plan to let agents run this autonomously, explicitly confirm which interchange files will be published and who/what can read workspace/interchange; the code currently writes sensitive state data which could be picked up by other agents.
If you want, I can point to the specific lines that produce interchange/deal content and suggest small code edits to redact sensitive fields.
Analysis
Type: OpenClaw Skill
Name: openclaw-crm
Version: 1.0.0
The skill is classified as suspicious due to a critical vulnerability in its `backup` command, located in `src/cli.js` and `src/backup.js`. The `--output <path>` option for `crm backup` allows an attacker (via prompt injection to the agent) to specify an arbitrary absolute file path. This enables the skill to write the database backup files (`.db`, `.db-wal`, `.db-shm`) to any location on the filesystem, potentially overwriting sensitive system files (e.g., `/etc/passwd.db`, `/etc/cron.d/malicious_job.db`). While the skill itself does not exhibit malicious intent, this arbitrary file write capability represents a significant security flaw that could be exploited for system compromise.
Capability assessment
Purpose & Capability
Name/description and the included code (SQLite-backed CLI, contacts/deals/follow-ups, reports, backup/restore) are consistent. No unexpected external credentials, binaries, or network clients are requested. However, the README and interchange comments make mixed claims about what interchange files will contain (an assertion that 'ops' outputs contain no deal values or contact info contrasts with code that writes state/deal files containing contact emails and deal values). This is a design/policy inconsistency worth noting.
Instruction Scope
SKILL.md instructs running `npm install` and `node src/cli.js refresh` and to use an exec tool to run CLI commands. That is expected for a CLI skill, but the code writes Markdown 'interchange' files into an interchange/ directory and those files include contact names, emails and deal values in state/deals files — which could leak sensitive data to any consumer of the workspace/interchange path. Also src/interchange.js imports writeMd from '../../interchange/src/index.js' (a relative path outside the package) which may be unresolved at runtime; this mismatch between documentation, filesystem locations, and imports is suspicious and should be validated before use.
Install Mechanism
There is no formal install spec in registry metadata (instruction-only skill), but SKILL.md and package.json require running `npm install`. Dependencies are normal npm packages (better-sqlite3, commander, uuid) and package-lock.json is included. Installing will fetch from the public npm registry and better-sqlite3 may build native artifacts; this is common but means extra caution (build tools, native binaries). No downloads from obscure URLs were observed.
Credentials
The skill declares no required environment variables or credentials and the code doesn't read external secrets. That aligns with a local-first CRM.
Persistence & Privilege
The skill is not marked `always:true` and does not request elevated platform privileges. It writes files under its own data/interchange paths and copies DB files for backups — normal for a local CLI tool.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install openclaw-crm
  3. After installation, call the Skill by name directly or trigger it with /openclaw-crm
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history
v1.0.0
Initial release: Local-first CRM. 10 tests.
Metadata
Slug: openclaw-crm
Version: 1.0.0
License: (not listed)
Total installs: 0
Current installs: 0
Historical versions: 1
FAQ

What is openclaw-crm?

Local-first CRM for managing leads, deals, follow-ups, and pipelines via CLI using SQLite with WAL mode. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 622 downloads to date.

How do I install openclaw-crm?

Run the command "/install openclaw-crm" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is openclaw-crm free?

Yes, openclaw-crm is completely free (open source) and can be freely downloaded, installed and used.

Which platforms does openclaw-crm support?

openclaw-crm runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed openclaw-crm?

Developed and maintained by frank-bot07 (@frank-bot07); current version v1.0.0.