← 返回 Skills 市场
dashiming

Pans Crm Sync

作者 dashiming · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
58
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install pans-crm-sync
功能描述
AI算力销售 CRM 同步工具。对接 Salesforce 和 HubSpot 双平台, 自动同步客户状态、更新 Pipeline、生成 CRM 报表,支持双向/增量同步 和冲突检测与解决。 触发词:CRM同步, 客户同步, Salesforce, HubSpot, pipeline同步, 客户状态更新, CRM...
安全使用建议
This skill appears to do what it says (sync Salesforce and HubSpot), but the registry metadata failing to declare required environment variables is a warning sign — the code expects sensitive credentials (Salesforce username/password/security token and HubSpot API key). Before installing or running: 1) review the full script (you already have it) to confirm there are no hidden endpoints; 2) run it in an isolated environment (or container) and avoid using production/high-privilege credentials — create and use least-privilege API tokens or a test account; 3) be aware you'll need to pip install external SDKs (verify their provenance); 4) consider rotating credentials after use and monitor API/activity logs for unexpected access. If the registry entry will be published, ask the maintainer to update the metadata to list the required env vars so the requirement is transparent.
功能分析
Type: OpenClaw Skill Name: pans-crm-sync Version: 1.0.0 The skill bundle provides legitimate CRM synchronization functionality for Salesforce and HubSpot, but it contains a SOQL injection vulnerability in scripts/crm.py. Specifically, the query_salesforce function directly interpolates the 'email' argument into a SOQL query string using f-strings, which could allow for unauthorized data access if provided with crafted input. No evidence of intentional malice or data exfiltration to third-party domains was found.
能力标签
requires-sensitive-credentials
能力评估
Purpose & Capability
The skill's name/description (Salesforce + HubSpot CRM sync) matches the code and runtime instructions: it queries contacts, updates pipeline stages, and supports sync/query/update operations. Requiring Salesforce username/password/security token and a HubSpot API key is appropriate for this purpose. However, the registry metadata lists no required environment variables or primary credential, which is inconsistent with the SKILL.md and the script.
Instruction Scope
SKILL.md and scripts/crm.py confine actions to interacting with Salesforce and HubSpot APIs, printing results, and optionally writing output JSON to a user-specified file. There are no instructions to read unrelated system files, exfiltrate data to arbitrary endpoints, or perform other out-of-scope actions.
Install Mechanism
There is no formal install spec (instruction-only), which minimizes automatic code installation risk. The README asks users to run pip install simple-salesforce and hubspot-api-client — expected for this functionality but means external packages will be installed at runtime. Those are standard SDKs, not obscure hosts, but pip installs always carry supply-chain risk.
Credentials
The code requires sensitive credentials (SALESFORCE_USERNAME, SALESFORCE_PASSWORD, SALESFORCE_SECURITY_TOKEN, HUBSPOT_API_KEY) — appropriate for the stated integrations — but the registry metadata declares no required environment variables or primary credential. This mismatch is an incoherence: the skill will prompt for or expect secrets even though the registry advertises none. Users should be aware and ensure they only provide least-privilege credentials.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It does not modify other skills or system-wide settings. Autonomous invocation is permitted (platform default) but not combined with other high-risk flags.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install pans-crm-sync
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /pans-crm-sync 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of pans-crm-sync. - Supports Salesforce and HubSpot CRM platforms. - Enables automated, bidirectional, and incremental customer data synchronization. - Updates Pipeline states and generates CRM reports. - Includes conflict detection and resolution. - Provides a CLI for syncing, updating, and querying customer records.
元数据
Slug pans-crm-sync
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Pans Crm Sync 是什么?

AI算力销售 CRM 同步工具。对接 Salesforce 和 HubSpot 双平台, 自动同步客户状态、更新 Pipeline、生成 CRM 报表,支持双向/增量同步 和冲突检测与解决。 触发词:CRM同步, 客户同步, Salesforce, HubSpot, pipeline同步, 客户状态更新, CRM... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 58 次。

如何安装 Pans Crm Sync?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install pans-crm-sync」即可一键安装,无需额外配置。

Pans Crm Sync 是免费的吗?

是的,Pans Crm Sync 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Pans Crm Sync 支持哪些平台?

Pans Crm Sync 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Pans Crm Sync?

由 dashiming(@dashiming)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论