← 返回 Skills 市场
2731
总下载
0
收藏
7
当前安装
1
版本数
在 OpenClaw 中安装
/install salesforce
功能描述
Query and manage Salesforce CRM data via the Salesforce CLI (`sf`). Run SOQL/SOSL queries, inspect object schemas, create/update/delete records, bulk import/export, execute Apex, deploy metadata, and make raw REST API calls.
安全使用建议
This skill appears to be what it says: a wrapper around the Salesforce CLI. Before installing, consider: 1) The CLI will require you to authenticate to a Salesforce org; those credentials (access tokens, refresh tokens, JWT key files, sfdx auth URLs) are sensitive — avoid exposing them to an agent you don't trust. 2) The skill can run destructive operations (create/update/delete, deploy, execute Apex). Only enable autonomous invocation if you want the agent to act on your org without manual approval. 3) Installing @salesforce/cli via npm may require elevated privileges and will run normal npm install scripts — if you prefer, install the official CLI yourself from developer.salesforce.com and keep credential files under your control. 4) If you need higher assurance, verify the npm package source and ownership before installing and prefer interactive (web) login flows over embedding keys in files where possible.
功能分析
Type: OpenClaw Skill
Name: salesforce
Version: 1.0.0
The skill provides extensive and high-risk capabilities for interacting with Salesforce, including executing arbitrary Apex code, making raw REST/GraphQL API calls, and performing bulk data operations (create, update, delete) via the `sf` CLI. While the `SKILL.md` includes explicit guardrails instructing the AI agent to seek user confirmation for destructive actions, the inherent power of these commands (e.g., `sf apex run`, `sf api request rest`) means that a compromised agent or a malicious user could cause significant harm. There is no clear evidence of intentional malicious behavior or prompt injection designed to bypass these guardrails within the skill's definition itself, but the broad permissions and powerful actions classify it as suspicious.
能力评估
Purpose & Capability
Name and description describe Salesforce CLI operations; the skill requires the 'sf' binary and provides an npm install for @salesforce/cli which legitimately supplies that binary. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
SKILL.md contains detailed sf CLI commands for queries, record create/update/delete, Apex execution, metadata deploys, and multiple authentication flows. These instructions are within the skill's stated scope. They explicitly reference sensitive actions and outputs (access tokens, refresh tokens, JWT key files) and correctly note that authentication is required and that some commands reveal sensitive info. The agent will be able to run commands that read local auth files (e.g., server.key, authUrl.txt) and display tokens — this is expected behavior but important for users to know.
Install Mechanism
Install uses the official-looking npm package @salesforce/cli to provide the 'sf' binary, and the README also points to developer.salesforce.com. Installing via npm is a standard, reasonable approach. Note: a global npm install may require elevated permissions and runs package postinstall scripts like any npm package.
Credentials
The skill declares no required environment variables or config paths, which is consistent because authentication is performed via the CLI at runtime. However, the instructions reference local credential artifacts (JWT key files, sfdx auth URL files) and commands that surface tokens; those are sensitive but appropriate for a Salesforce CLI integration. Users should be aware the agent will be able to access any credential files it is directed to use.
Persistence & Privilege
always:false and user-invocable:true (with normal autonomous invocation allowed) — typical and appropriate. The skill does not request system-wide persistence or modification of other skills. Caution: if the agent is granted Salesforce credentials, autonomous invocation could allow it to perform destructive changes in the org; that is an operational risk, not an incoherence.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install salesforce - 安装完成后,直接呼叫该 Skill 的名称或使用
/salesforce触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: comprehensive Salesforce CLI (sf) skill covering SOQL/SOSL queries, record CRUD, bulk operations, Apex execution, REST API, metadata deployment, and schema inspection.
元数据
常见问题
Salesforce Skill 是什么?
Query and manage Salesforce CRM data via the Salesforce CLI (`sf`). Run SOQL/SOSL queries, inspect object schemas, create/update/delete records, bulk import/export, execute Apex, deploy metadata, and make raw REST API calls. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 2731 次。
如何安装 Salesforce Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install salesforce」即可一键安装,无需额外配置。
Salesforce Skill 是免费的吗?
是的,Salesforce Skill 完全免费(开源免费),可自由下载、安装和使用。
Salesforce Skill 支持哪些平台?
Salesforce Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Salesforce Skill?
由 ArvorCo(@arvorco)开发并维护,当前版本 v1.0.0。
推荐 Skills