Plugin v0.1.2
ClawScan security
Salesforce Plugin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 9, 2026, 1:38 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The bundle is a documentation/skill-wrapper for Salesforce-focused agent skills and its declared files and instructions align with that purpose; it contains no installers or undeclared credential requirements, though it assumes Salesforce tooling and org credentials will be available at runtime.
- Guidance: This bundle is a documentation and routing wrapper for Salesforce skills and appears coherent with that purpose. Before installing or invoking it:
  - Be prepared to provide Salesforce org access (org alias, ECA/JWT, or connected-app credentials) when you run tests or runtime APIs — the skill expects those at runtime but does not declare env vars in the manifest.
  - The SKILL.md instructs use of sf CLI and Python scripts; ensure you trust the repo maintainer before running any scripts locally and inspect scripts in the repository if you plan to execute them.
  - Do not paste long-lived secrets into chat; prefer scoped connected-app credentials and short-lived tokens where possible.
  - If you enable autonomous invocation for the agent, consider limiting what it can do (or grant it a non-privileged test org) because agent workflows may run commands that act against Salesforce orgs.

  Overall this bundle looks internally consistent and intended for Salesforce platform work; treat it like other integration skills that require platform credentials and local tooling and follow usual operational precautions.
Review Dimensions
- Purpose & Capability (ok): Name and description (Salesforce plugin/wrapper for sf-* skills) match the SKILL.md contents. The repository is a packaging/manifest wrapper around many sf-* SKILL.md docs and reference material; nothing requests unrelated cloud credentials or unrelated binaries. The content legitimately targets Salesforce tasks (Apex, Flow, Agentforce, Data Cloud, CI/test workflows).
- Instruction Scope (note): SKILL.md files keep to Salesforce-focused workflows (agent building, testing, telemetry extraction, persona design, etc.). They instruct the agent to gather org context, use sf CLI commands (e.g., sf agent activate, sf agent test), run provided scripts (python3 scripts/...), and write local artifacts (e.g., _local/generated/*.md or parquet extraction outputs). They do reference local paths (e.g., ~/.claude/skills/...) and Python scripts under scripts/ — these are reasonable for the stated tasks, but they do assume local tooling and that the user will provide org auth. The SKILL.md files do not instruct accessing unrelated system files or exfiltrating data to unknown external endpoints.
- Install Mechanism (ok): No install spec is included (instruction-only bundle). That minimizes install-time risk. The repo points to upstream GitHub and uses standard packaging metadata; there are no archive downloads, third-party package installs, or remote URLs that would write arbitrary code during install.
- Credentials (note): The registry metadata declares no required env vars or primary credentials, which matches the instruction-only shape. However, the skill content legitimately expects Salesforce access (org alias, ECA/JWT/connected-app auth) and common tooling (sf CLI, Python). These runtime credentials and tools are normal and proportional for Salesforce tasks but are not encoded as required env vars in the manifest — users should be aware that org credentials will be needed when exercising testing, runtime API, or Data 360 extraction features.
- Persistence & Privilege (ok): Flags show always:false and default model invocation allowed; this is normal. The skill does not request permanent platform privileges or attempt to modify other skills' configs. SKILL.md mentions writing local generated artifacts, which is consistent with its purpose and not an elevation of privilege.
