Back to plugin

Security audit

Salesforce Commerce

Security checks across malware telemetry and agentic risk

Overview

This appears to be a Salesforce Commerce development guidance skill with purpose-aligned documentation fetching and safety-check scripts, with no artifact-backed evidence of hidden credential theft, persistence, or destructive behavior.

This skill looks safe to install as developer guidance. Expect it to encourage web lookups of official Salesforce documentation, and be cautious before allowing any agent-run Salesforce CLI command, especially deploys, org logins, code activations, deletes, or production-targeted actions. Verify separately whether the bundled safety hook scripts are actually enabled in your OpenClaw environment.

VirusTotal

No VirusTotal findings

View on VirusTotal

Static analysis

No suspicious patterns detected.