Safety Report

Attio CRM

Name: Attio CRM
Rating: 3 (3 reviews)
Author: kesslerio

Manage Attio CRM records (companies, people, deals, tasks, notes). Search, create, update records and manage deal pipelines.

1,612Downloads

0Installs

3Stars

1Versions

Workflow Automation8,822 Search & Retrieval4,480 Project Management3,041 CRM & Sales2,146

Security Analysis

medium confidence

Suspicious0.04 risk

The skill appears to implement Attio CRM workflows, but there are mismatches between its declared requirements and what the install/runtime files actually use, and the setup writes your API token to disk in plaintext — review before installing.

Feb 11, 20267 files5 concerns

Purpose & Capabilityconcern

The skill's stated purpose (manage Attio CRM) matches the content of SKILL.md and reference docs. However, declared required binary is 'attio' while the README and setup.sh install and configure 'attio-mcp' and use mcporter; this inconsistency suggests the manifest doesn't accurately describe what will actually be used. A legitimate Attio skill might need attio-mcp and mcporter — the mismatch should be resolved.

Instruction Scopeconcern

SKILL.md runtime instructions are limited to running the attio CLI for CRM operations (expected). But the repository also includes a setup.sh that reads a local .env (if present), prompts for credentials, writes a mcporter server config, and symlinks the skill into ~/.clawdbot/skills. The setup actions go beyond just documentation: they persist credentials and modify user config directories, which is scope-expanding compared to the minimal SKILL.md metadata.

Install Mechanismnote

There is no platform install spec, but setup.sh will run npm install -g attio-mcp if required. Installing from the public npm registry is a common pattern (moderate risk) — nothing indicates a malicious download URL. Still, setup.sh performs global npm installs and filesystem changes, so run it manually and inspect the package(s) beforehand.

Credentialsconcern

The skill metadata and registry list only ATTIO_ACCESS_TOKEN as a required env var, but README and setup.sh also require ATTIO_WORKSPACE_ID and the mcporter config stores both. The setup script will prompt for and then write both values into ~/.config/mcporter/servers/attio/config.json in plaintext. Requesting and persisting the workspace ID is reasonable for connecting to Attio, but the manifest should declare it; storing API tokens unencrypted on disk increases exposure.

Persistence & Privilegeconcern

The skill is not marked 'always', and agent autonomous invocation remains allowed (default). The setup script will create/overwrite ~/.config/mcporter/servers/attio/config.json and symlink the skill into ~/.clawdbot/skills/attio, i.e., it modifies user config and persists credentials. That behavior is plausible for a Moltbot skill but is a privilege that merits caution because it leaves credentials and config on disk.

Guidance

This skill largely does what it claims (Attio CRM workflows) but has a few red flags you should verify before installing: - Manifest vs files mismatch: the declared required binary is 'attio', but setup and docs install/use 'attio-mcp' and mcporter. Confirm which CLI/server the environment needs and that those binaries are trustworthy. - Missing declared env var: README and setup.sh require ATTIO_WORKSPACE_ID in addition to ATTIO_ACCESS_TOKEN. The skill metadata omits the workspace ID — assume the setup will ask for both. - Persistent plaintext credentials: setup.sh writes your ATTIO_ACCESS_TOKEN and WORKSPACE_ID into ~/.config/mcporter/servers/attio/config.json in cleartext. If you install, consider restricting file permissions, using a secrets manager, or avoiding persisting the token. - Installer actions: setup.sh runs npm install -g attio-mcp (global package install), creates directories under your home, and symlinks the skill. Run the script manually (not as root), inspect attio-mcp on npm/GitHub first, and run in a controlled environment if you have doubts. - Source/ownership: registry metadata shows an owner ID and no homepage; the README links to a GitHub repo but the package origin isn't proven by the registry entry. If you need to trust this skill, verify the attio-mcp project and the repository owner directly. If any of the above is unacceptable, do not run setup.sh; instead manually install and configure only the components you trust and keep tokens out of persistent configs where possible.

Latest Release

v1.0.0

Initial ClawHub release

More by @kesslerio

Frontend Design Ultimate

36 stars

Academic Deep Research

24 stars

Finance News Briefings

7 stars

Phone Voice Agent

6 stars

Stealth Browser

4 stars

SoulCraft

3 stars

Published by @kesslerio on ClawHub