Is danielfoch/pipedrive-crm-openclaw safe?

https://github.com/openclaw/skills/tree/main/skills/danielfoch/pipedrive-crm-openclaw

94
SAFE

This skill appears to be a legitimate Pipedrive CRM integration that provides API wrapper functionality for common CRM operations. The code is well-structured, includes appropriate safety measures, and shows no evidence of malicious behavior or data exfiltration attempts.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

LOW Executable Python Scripts Present -15

The skill contains Python scripts that execute API calls, which represents a moderate execution risk, though they appear to be legitimate API wrappers.

INFO API Token Usage -5

Skill requires API tokens for Pipedrive access, which is standard for CRM integrations but represents inherent credential risk.

INFO External API Dependency -10

Skill makes HTTP requests to external Pipedrive API endpoints, which is expected for CRM functionality but represents external dependency risk.