Latest release: v0.0.1
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The bundle purpose is coherent with the manifest: it packages many Salesforce-oriented skills, references, templates, and examples for Apex, LWC, Flow, deployment, data, diagrams, and Agentforce. The breadth is notable but still aligned with the stated Salesforce plugin purpose.
Instruction Scope
Shown instructions are primarily documentation and examples. Prompt-injection strings appear in testing/security examples, not as hidden instructions to the host agent.
Install Mechanism
No install spec, package scripts, dependency install, or automatic execution path is shown. The bundle declares Codex/OpenClaw bundle metadata only.
Credentials
The registry declares no required binaries or credentials, while included references show Salesforce CLI usage against a target org. This is expected for Salesforce work but should be treated as user-directed and least-privilege.
Persistence & Privilege
No background persistence or self-starting behavior is shown. Some examples would use existing Salesforce org authentication and could affect org data or metadata if the user runs them.
Scan Findings in Context
[suspicious.exposed_secret_literal @ skills/sf-apex/references/anti-patterns.md:515] expected: The flagged string is a redacted placeholder in an anti-pattern example: `String apiKey = '[REDACTED]'; // NEVER hardcode secrets!`, not an exposed real secret.
[suspicious.exposed_secret_literal @ skills/sf-diagram-mermaid/assets/oauth/refresh-token.md:62] expected: The flagged bearer token is shown as `Authorization: Bearer [REDACTED]` inside OAuth documentation/diagram material, not as a real credential.
[suspicious.prompt_injection_instructions @ skills/sf-ai-agentforce-testing/references/multi-turn-testing.md:296] expected: The prompt-injection phrase is presented as a test user input example for Agentforce testing.
[suspicious.prompt_injection_instructions @ skills/sf-ai-agentscript/references/fsm-architecture.md:393] expected: The phrase appears in a taxonomy row describing prompt-injection attempts, not as an instruction to obey.
What to consider before installing
This appears safe to install as a Salesforce reference/template bundle, but treat it as capable of guiding real Salesforce CLI, deployment, and data operations. Use sandboxes where possible, verify the active Salesforce target org, inspect helper scripts before running them, and require explicit approval for destructive, bulk, or production changes. ClawScan detected prompt-injection indicators (ignore-previous-instructions, you-are-now), so this skill requires review even though the model response was benign.
skills/sf-apex/references/anti-patterns.md:515
File appears to expose a hardcoded API secret or token.
skills/sf-diagram-mermaid/assets/oauth/refresh-token.md:62
File appears to expose a hardcoded API secret or token.
skills/sf-ai-agentforce-testing/references/multi-turn-testing.md:296
Prompt-injection style instruction pattern detected.
skills/sf-ai-agentscript/references/fsm-architecture.md:393
Prompt-injection style instruction pattern detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.