by 安全扫描
OpenClaw
安全
high confidenceNULL
评估建议
This skill proxies Salesforce API calls through Maton (gateway.maton.ai) and requires a MATON_API_KEY — installing it gives that key (and thus Maton) the ability to act on your Salesforce connections. Before installing: 1) Confirm you trust Maton (review maton.ai privacy/security docs and the account that issued your API key). 2) Use least-privilege keys and, if possible, a Salesforce sandbox connection for testing. 3) Store MATON_API_KEY securely (not in shared repos) and be prepared to rotate/...详细分析 ▾
✓ 用途与能力
The name/description (Salesforce CRM integration) match the runtime instructions: all example calls target Maton-managed endpoints that proxy Salesforce. Requesting a single MATON_API_KEY is consistent with a managed-OAuth gateway service.
ℹ 指令范围
SKILL.md only contains example HTTP calls and Python snippets that read MATON_API_KEY and call Maton endpoints (gateway.maton.ai, ctrl.maton.ai, connect.maton.ai, maton.ai). This stays within the Salesforce-integration scope, but note that traffic and OAuth flows are proxied through Maton rather than calling salesforce.com directly — users must trust Maton for access to their Salesforce data.
✓ 安装机制
Instruction-only skill with no install spec or code files — lowest install risk (nothing is written to disk or fetched at install time).
ℹ 凭证需求
The only required env var is MATON_API_KEY, which is appropriate for a proxy/gateway API. Minor metadata inconsistency: registry metadata lists 'Primary credential: none' while SKILL.md requires MATON_API_KEY; this appears to be a documentation/metadata mismatch but not a functional problem.
✓ 持久化与权限
always:false and no config paths requested. The skill allows autonomous invocation (disable-model-invocation:false) which is the platform default; that is expected for a callable integration but means the agent can call this skill when eligible.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.42026/2/2
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install salesforce-api
镜像加速npx clawhub@latest install salesforce-api --registry https://cn.longxiaskill.com