Salesforce
低风险
作者:byungkyu | 审计时间:2026-02-26T09:59:20.936Z | 规则集:0.2.0
技能介绍
Access the Salesforce REST API with managed OAuth authentication. Query records using SOQL, manage sObjects, and perform CRUD operations on your Salesforce data.
✨
Account - Companies/Organizations ✨
Contact - People associated with accounts ✨
Lead - Potential customers ✨
Opportunity - Sales deals ✨
Case - Support cases ✨
Task - To-do items 使用场景
文档(原文)
来源:SKILL.md 以下为作者原文(通常为英文)。安装请以页面顶部“快速安装”为准。
name: salesforce
description: |
Salesforce CRM API integration with managed OAuth. Query records with SOQL, manage sObjects (Contacts, Accounts, Leads, Opportunities), and perform batch operations. Use this skill when users want to interact with Salesforce data. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).
compatibility: Requires network access and valid Maton API key
metadata:
author: maton
version: "1.0"
clawdbot:
emoji: 🧠
requires:
env:
- MATON_API_KEY
Salesforce
Access the Salesforce REST API with managed OAuth authentication. Query records using SOQL, manage sObjects, and perform CRUD operations on your Salesforce data.
Quick Start
# Query contacts
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/salesforce/services/data/v59.0/query?q=SELECT+Id,Name,Email+FROM+Contact+LIMIT+10')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Base URL
https://gateway.maton.ai/salesforce/{native-api-path}
Replace {native-api-path} with the actual Salesforce REST API endpoint path. The gateway proxies requests to {instance}.salesforce.com (automatically replaced with your connection config) and injects your access token.
Authentication
All requests require the Maton API key in the Authorization header:
Authorization: Bearer $MATON_API_KEY
Environment Variable: Set your API key as MATON_API_KEY:
export MATON_API_KEY="YOUR_API_KEY"
Getting Your API Key
- Sign in or create an account at maton.ai
- Go to maton.ai/settings
- Copy your API key
Connection Management
Manage your Salesforce OAuth connections at https://ctrl.maton.ai.
List Connections
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections?app=salesforce&status=ACTIVE')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Create Connection
python <<'EOF'
import urllib.request, os, json
data = json.dumps({'app': 'salesforce'}).encode()
req = urllib.request.Request('https://ctrl.maton.ai/connections', data=data, method='POST')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Get Connection
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Response:
{
"connection": {
"connection_id": "21fd90f9-5935-43cd-b6c8-bde9d915ca80",
"status": "ACTIVE",
"creation_time": "2025-12-08T07:20:53.488460Z",
"last_updated_time": "2026-01-31T20:03:32.593153Z",
"url": "https://connect.maton.ai/?session_token=...",
"app": "salesforce",
"metadata": {}
}
}
Open the returned url in a browser to complete OAuth authorization.
Delete Connection
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}', method='DELETE')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Specifying Connection
If you have multiple Salesforce connections, specify which one to use with the Maton-Connection header:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/salesforce/services/data/v59.0/sobjects')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Maton-Connection', '21fd90f9-5935-43cd-b6c8-bde9d915ca80')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
If omitted, the gateway uses the default (oldest) active connection.
API Reference
SOQL Query
GET /salesforce/services/data/v59.0/query?q=SELECT+Id,Name+FROM+Contact+LIMIT+10
Complex query:
GET /salesforce/services/data/v59.0/query?q=SELECT+Id,Name,Email+FROM+Contact+WHERE+Email+LIKE+'%example.com'+ORDER+BY+CreatedDate+DESC
Get Object
GET /salesforce/services/data/v59.0/sobjects/{objectType}/{recordId}
Example:
GET /salesforce/services/data/v59.0/sobjects/Contact/003XXXXXXXXXXXXXXX
Create Object
POST /salesforce/services/data/v59.0/sobjects/{objectType}
Content-Type: application/json
{
"FirstName": "John",
"LastName": "Doe",
"Email": "john@example.com"
}
Update Object
PATCH /salesforce/services/data/v59.0/sobjects/{objectType}/{recordId}
Content-Type: application/json
{
"Phone": "+1234567890"
}
Delete Object
DELETE /salesforce/services/data/v59.0/sobjects/{objectType}/{recordId}
Describe Object (get schema)
GET /salesforce/services/data/v59.0/sobjects/{objectType}/describe
List Objects
GET /salesforce/services/data/v59.0/sobjects
Search (SOSL)
GET /salesforce/services/data/v59.0/search?q=FIND+{searchTerm}+IN+ALL+FIELDS+RETURNING+Contact(Id,Name)
Composite Request (batch multiple operations)
POST /salesforce/services/data/v59.0/composite
Content-Type: application/json
{
"compositeRequest": [
{
"method": "GET",
"url": "/services/data/v59.0/sobjects/Contact/003XXXXXXX",
"referenceId": "contact1"
},
{
"method": "GET",
"url": "/services/data/v59.0/sobjects/Account/001XXXXXXX",
"referenceId": "account1"
}
]
}
Composite Batch Request
POST /salesforce/services/data/v59.0/composite/batch
Content-Type: application/json
{
"batchRequests": [
{"method": "GET", "url": "v59.0/sobjects/Contact/003XXXXXXX"},
{"method": "GET", "url": "v59.0/sobjects/Account/001XXXXXXX"}
]
}
sObject Collections Create (batch create)
POST /salesforce/services/data/v59.0/composite/sobjects
Content-Type: application/json
{
"allOrNone": true,
"records": [
{"attributes": {"type": "Contact"}, "FirstName": "John", "LastName": "Doe"},
{"attributes": {"type": "Contact"}, "FirstName": "Jane", "LastName": "Smith"}
]
}
sObject Collections Delete (batch delete)
DELETE /salesforce/services/data/v59.0/composite/sobjects?ids=003XXXXX,003YYYYY&allOrNone=true
Get Updated Records
GET /salesforce/services/data/v59.0/sobjects/{objectType}/updated/?start=2026-01-30T00:00:00Z&end=2026-02-01T00:00:00Z
Get Deleted Records
GET /salesforce/services/data/v59.0/sobjects/{objectType}/deleted/?start=2026-01-30T00:00:00Z&end=2026-02-01T00:00:00Z
Get API Limits
GET /salesforce/services/data/v59.0/limits
List API Versions
GET /salesforce/services/data/
Common Objects
Account- Companies/OrganizationsContact- People associated with accountsLead- Potential customersOpportunity- Sales dealsCase- Support casesTask- To-do itemsEvent- Calendar events
Code Examples
JavaScript
const response = await fetch(
'https://gateway.maton.ai/salesforce/services/data/v59.0/query?q=SELECT+Id,Name+FROM+Contact+LIMIT+5',
{
headers: {
'Authorization': `Bearer ${process.env.MATON_API_KEY}`
}
}
);
const data = await response.json();
Python
import os
import requests
response = requests.get(
'https://gateway.maton.ai/salesforce/services/data/v59.0/query',
headers={'Authorization': f'Bearer {os.environ["MATON_API_KEY"]}'},
params={'q': 'SELECT Id,Name FROM Contact LIMIT 5'}
)
Notes
- Use URL encoding for SOQL queries (spaces become
+) - Record IDs are 15 or 18 character alphanumeric strings
- API version (v59.0) can be adjusted; latest is v65.0
- Update and Delete operations return HTTP 204 (no content) on success
- Dates for updated/deleted queries use ISO 8601 format:
YYYY-MM-DDTHH:MM:SSZ - Use
allOrNone: truein batch operations for atomic transactions - IMPORTANT: When using curl commands, use
curl -gwhen URLs contain brackets (fields[],sort[],records[]) to disable glob parsing - IMPORTANT: When piping curl output to
jqor other commands, environment variables like$MATON_API_KEYmay not expand correctly in some shell environments. You may get "Invalid API key" errors when piping.
Error Handling
| Status | Meaning |
|---|---|
| 400 | Missing Salesforce connection |
| 401 | Invalid or missing Maton API key |
| 429 | Rate limited (10 req/sec per account) |
| 4xx/5xx | Passthrough error from Salesforce API |
Troubleshooting: API Key Issues
- Check that the
MATON_API_KEYenvironment variable is set:
echo $MATON_API_KEY
- Verify the API key is valid by listing connections:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Troubleshooting: Invalid App Name
- Ensure your URL path starts with
salesforce. For example:
- Correct:
https://gateway.maton.ai/salesforce/services/data/v59.0/query - Incorrect:
https://gateway.maton.ai/services/data/v59.0/query
Resources
安全审计
低风险
摘要
Salesforce CRM API integration with managed OAuth. Query records with SOQL, manage sObjects (Contacts, Accounts, Leads, Opportunities), and perform batch operations. Use this skill when users want to interact with Salesforce data. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).
风险画像
ToxicSkills 分析
黑名单
未命中
提示词注入
未检测到
当前静态检测未发现 Toxic 信号。
关键风险 0 项
暂无 LLM 风险要点(LLM 未启用或无缓存)。
确定性发现(证据)
未检测到发现。
评分标准
每个技能从 5 个维度评分,加权总分决定星级。
代码毒性 100/100 (权重 30%)
隐私风险 100/100 (权重 25%)
权限范围 100/100 (权重 20%)
作者声誉 75/100 (权重 15%)
代码质量 70/100 (权重 10%)
星级说明
5★ 安全 — 总分 ≥ 80
4★ 良好 — 总分 70–79
3★ 注意 — 总分 60–69
2★ 有风险 — 总分 40–59
1★ 危险 — 总分 < 40
为何是这个评分?
所有维度均高于 60 分,该技能通过安全基线。