ClawHub
Bundle Pluginsource linked

Salesforce Pluginv0.1.2

Salesforce skill bundle plugin for Codex-compatible hosts and OpenClaw bundle installs.

openclaw-salesforce-plugin·runtime openclaw-salesforce-plugin·by @dsouza-anush
openclaw bundles install clawhub:openclaw-salesforce-plugin
Latest release: v0.1.2Download zip

Capabilities

Bundle format
codex
Tags
bundle-onlyformat:codexhost:codex
Host targets
codex
Runtime ID
openclaw-salesforce-plugin

Compatibility

Built With Open Claw Version
0.1.2
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (Salesforce plugin/wrapper for sf-* skills) match the SKILL.md contents. The repository is a packaging/manifest wrapper around many sf-* SKILL.md docs and reference material; nothing requests unrelated cloud credentials or unrelated binaries. The content legitimately targets Salesforce tasks (Apex, Flow, Agentforce, Data Cloud, CI/test workflows).
Instruction Scope
SKILL.md files keep to Salesforce-focused workflows (agent building, testing, telemetry extraction, persona design, etc.). They instruct the agent to gather org context, use sf CLI commands (e.g., sf agent activate, sf agent test), run provided scripts (python3 scripts/...), and write local artifacts (e.g., _local/generated/*.md or parquet extraction outputs). They do reference local paths (e.g., ~/.claude/skills/...) and Python scripts under scripts/ — these are reasonable for the stated tasks, but they do assume local tooling and that the user will provide org auth. The SKILL.md do not instruct accessing unrelated system files or exfiltrating data to unknown external endpoints.
Install Mechanism
No install spec is included (instruction-only bundle). That minimizes install-time risk. The repo points to upstream GitHub and uses standard packaging metadata; there are no archive downloads, third-party package installs, or remote URLs that would write arbitrary code during install.
Credentials
The registry metadata declares no required env vars or primary credentials, which matches the instruction-only shape. However the skill content legitimately expects Salesforce access (org alias, ECA/JWT/connected-app auth) and common tooling (sf CLI, Python). These runtime credentials and tools are normal and proportional for Salesforce tasks but are not encoded as required env vars in the manifest — users should be aware that org credentials will be needed when exercising testing, runtime API, or Data 360 extraction features.
Persistence & Privilege
Flags show always:false and default model invocation allowed; this is normal. The skill does not request permanent platform privileges or attempt to modify other skills' configs. SKILL.md mentions writing local generated artifacts, which is consistent with its purpose and not an elevation of privilege.
Assessment
This bundle is a documentation and routing wrapper for Salesforce skills and appears coherent with that purpose. Before installing or invoking it: - Be prepared to provide Salesforce org access (org alias, ECA/JWT, or connected-app credentials) when you run tests or runtime APIs — the skill expects those at runtime but does not declare env vars in the manifest. - The SKILL.md instructs use of sf CLI and Python scripts; ensure you trust the repo maintainer before running any scripts locally and inspect scripts in the repository if you plan to execute them. - Do not paste long-lived secrets into chat; prefer scoped connected-app credentials and short-lived tokens where possible. - If you enable autonomous invocation for the agent, consider limiting what it can do (or grant it a non-privileged test org) because agent workflows may run commands that act against Salesforce orgs. Overall this bundle looks internally consistent and intended for Salesforce platform work; treat it like other integration skills that require platform credentials and local tooling and follow usual operational precautions.

Verification

Tier
source linked
Scope
artifact only
Summary
Validated package structure and linked the release to source metadata.
Source
github.com/dsouzaAnush/salesforce-plugin
Commit
2167446ce165
Tag
main
Provenance
No
Scan status
clean

Tags

latest
0.1.2
salesforce
0.1.2
<p align="center"> <img src="assets/salesforce-logo.png" alt="Salesforce cloud logo" width="88" height="88"> </p>

salesforce-plugin

A dedicated plugin wrapper repo for Salesforce agent skills.

This repository is packaged as a Codex bundle plugin and is also intended to be publishable to ClawHub as an OpenClaw-compatible bundle package.

This repo is the plugin-side companion to the upstream skills repo at:

The split is intentional:

  • salesforce-skills stays the reusable upstream source of truth for sf-* skills
  • salesforce-plugin adds plugin-specific wrapper structure:
    • plugin manifest
    • future hooks, commands, and agents
    • generated manifests
    • plugin-specific routing metadata
    • upstream sync workflow

Host compatibility

The root package.json is intentionally additive packaging metadata. It does not change the Codex plugin behavior or the shipped Salesforce skills.

Layout

salesforce-plugin/
├── .codex-plugin/plugin.json
├── .agents/plugins/marketplace.json
├── salesforce.md
├── skills/
│   └── sf-*/ 
│       ├── overlay.yaml
│       ├── upstream/
│       │   └── ...
│       └── SKILL.md
├── scripts/
│   ├── sync_upstream_skills.py
│   ├── build_skills.py
│   ├── build_skill_manifest.py
│   ├── skill_utils.py
│   └── validate.py
├── generated/
├── hooks/
├── commands/
├── agents/
└── tests/

Upstream workflow

  1. Sync current upstream skills:
python3 scripts/sync_upstream_skills.py
  1. Rebuild top-level plugin skill outputs:
python3 scripts/build_skills.py
python3 scripts/build_skill_manifest.py
  1. Build a publishable ClawHub artifact:
python3 scripts/build_clawhub_bundle.py

The default curated profile is the current publish-safe ClawHub shape. It keeps the plugin Codex-compatible and adds a small set of high-value reference docs for the main Salesforce skill families while avoiding the larger sync-only payloads that caused ClawHub bundle publishes to fail in practice.

It includes:

  • root bundle manifests and plugin branding assets
  • root agent metadata
  • each skill's SKILL.md
  • each skill's agents/openai.yaml
  • a curated subset of reference docs for Apex, LWC, Flow, SOQL, metadata, testing, deploy, integration, connected apps, and selected Agentforce skills

Other profiles are available when you need stricter or larger artifacts:

  • core
  • core-assets
  • core-refs-assets
  • runtime

At the moment, both core and curated are verified to publish cleanly to ClawHub for this repo. core is the fallback minimal shape. curated is the recommended publish target.

  1. Run stale-build checks:
python3 scripts/build_skills.py --check
python3 scripts/build_skill_manifest.py --check
python3 scripts/validate.py
  1. Run tests:
pytest -q
pytest --cov=scripts --cov-report=term-missing -q

Current status

  • The repo is scaffolded as a plugin root.
  • Salesforce skills are synced from the local upstream checkout.
  • Generated artifacts are tracked and validated for drift.
  • Overlay metadata is intentionally minimal in v1, but the generated manifest now exposes structured routing metadata and prompt fixtures for eval-style checks.
  • ClawHub publishing should use the generated dist/clawhub/curated/ artifact instead of the full repo root.