Sales Rhythm Tracker — Alibaba Iron Army B2B Pipeline

B2B sales pipeline manager powered by the Alibaba Iron Army (阿里铁军) methodology. Use this skill for daily sales briefings, lead management, pipeline health ch...

This skill appears to do what it says: local, markdown-based pipeline management using a set of bash scripts. It does not contact external servers or ask for credentials. Before installing, consider these practical points: - Data exposure: Pipeline entries and activity logs are stored as plain text under ~/.openclaw/workspace/sales. If you will store real leads (PII, company data, deal values), ensure that the host/user account and backups are secure (encrypted disk, proper file permissions). - Agent output: The scripts and SKILL.md instruct the agent to read and print pipeline contents. If your agent forwards messages or integrates with networked services (chat apps, email, calendar), pipeline data could be transmitted externally. Only allow this skill if you trust the agent's messaging endpoints. - Local execution: The scripts perform simple file writes and use standard utilities (mkdir, cat, echo, date, tail). They do not execute user-supplied strings as shell commands, but they do write user-supplied text into markdown without sanitization. Avoid pasting untrusted content that could confuse downstream tooling. - Pairing with other skills: The README suggests integrations (calendar, voice-to-text). Those companion skills may introduce network access; review them separately if you plan to enable integrations. If you need stronger protections, consider running the workspace on an encrypted home directory, restricting file permissions (chmod 700), or adapting the scripts to encrypt/decrypt the markdown files.

Type: OpenClaw Skill Name: sales-rhythm-tracker Version: 1.0.0 The skill is classified as suspicious due to a critical shell injection vulnerability present in `scripts/add-lead.sh` and `scripts/log-activity.sh`. These scripts directly embed unsanitized user-provided arguments into markdown files via heredocs, which could allow arbitrary command execution if the OpenClaw agent passes malicious input containing shell metacharacters. Additionally, the skill's reliance on complex 'AGENT INSTRUCTIONS' within its scripts and `SKILL.md` for parsing and modifying local markdown files, while not inherently malicious, presents a significant attack surface for prompt injection against the AI agent if its input sanitization and execution guardrails are insufficient. There is no evidence of intentional data exfiltration, backdoors, or unauthorized network activity.