Specter CLI – AI powered startup and deal sourcing
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: specter Version: 1.0.0 The skill bundle provides instructions for installing and using the `specter-cli` to interact with the Specter intelligence platform. The `SKILL.md` file outlines standard installation steps involving `git clone` and `npm install` from a specified GitHub repository, and details how to configure an API key. All network interactions are directed towards `https://app.tryspecter.com`. There is no evidence of prompt injection attempts against the AI agent, data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, or obfuscation within the provided files. The file access for entity extraction (`specter entities search --file <path>`) is explicitly stated as part of the skill's functionality.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill requires trusting the external CLI project and its npm dependencies.
The skill relies on installing and building an external GitHub repository that is not included in the provided artifact set.
git clone git@github.com:FroeMic/tryspecter-cli.git cd tryspecter-cli npm install npm run build npm link
Review the GitHub repository and package dependencies before installing, and prefer pinned releases or a documented package source if available.
The agent or CLI can use the API key to query Specter data, consume credits, and perform authorized account operations.
The CLI needs a Specter API key, which gives access to the user's Specter account and team credit allocation, even though the registry metadata lists no required credential.
Set `SPECTER_API_KEY` environment variable ... Auth: `X-API-KEY: $SPECTER_API_KEY`
Use a scoped or revocable API key if Specter supports it, store it securely, and rotate it if it is exposed.
Mistaken use could delete useful saved searches or curated business lists in the Specter account.
The documented CLI surface includes destructive account-management operations for Specter lists and saved searches.
specter lists companies delete <listId> ... specter lists people delete <listId> ... specter searches delete <searchId>
Require explicit user confirmation before running delete, remove, or other account-changing commands.
File snippets or pasted text used for entity extraction may be sent to Specter for processing.
The skill can read local file text for entity extraction and use the external Specter API service.
specter entities search --file <path> # Extract entities from a file (max 1000 chars) Base URL: `https://app.tryspecter.com/api/v1`
Do not use the file or text extraction commands on confidential documents unless sharing that content with Specter is acceptable.