company-research-intelligence-agent
Security checks across malware telemetry and agentic risk
Overview
The skill mostly fits company research, but review it carefully because it runs a helper found by broad filesystem search, sends your original prompts to Explorium by default, and stores result files in /tmp.
Install only if you are comfortable using an unofficial plugin with your Explorium API key. Prefer setting the key as an environment variable, verify the CLI path before allowing the agent to run it, avoid including sensitive intent in prompts that may be sent as metadata, and delete temporary result files after use.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A wrong local helper script could be executed and could misuse the API key or returned data.
The agent is instructed to discover and execute a Python helper from broad filesystem searches rather than a single verified packaged path. If an unintended or tampered agentsource.py is found first, the agent could run unreviewed code with access to the user's Explorium credential.
candidates = [pathlib.Path.home() / '.agentsource/bin/agentsource.py', *sorted(pathlib.Path('/').glob('sessions/*/mnt/**/*agentsource*/bin/agentsource.py')), *sorted(pathlib.Path('/').glob('**/.local-plugins/**/*agentsource*/bin/agentsource.py'))] ... RESULT=$(python3 "$CLI" statistics ...)
Use a fixed, verified CLI path from the installed skill or ~/.agentsource/bin, verify file ownership/hash before execution, and avoid recursive root-level plugin searches.
Private research intent, due-diligence context, or meeting details could be sent to Explorium as metadata.
The workflow passes the user's original request text to the remote API as call-reasoning metadata by default. That may include sensitive business context beyond the company identifiers or filters needed for the lookup.
QUERY="<user's original request>" ... --plan-id "$PLAN_ID" --call-reasoning "$QUERY"
Omit --call-reasoning by default or ask the user before sending their original prompt as provider-side metadata.
Company intelligence or contact results may remain on disk and could be readable by other local users or processes in shared environments.
The CLI persists full API responses in /tmp using normal file writes, with no explicit restrictive permissions, random secure filename handling, or cleanup shown in the provided code.
All results are written to temporary files in /tmp/. ... TEMP_DIR = pathlib.Path("/tmp") ... path.write_text(json.dumps(data, indent=2, default=str))
Write results to a private per-user directory or secure temp files with mode 600, use unpredictable filenames, and delete result files after the agent has summarized them.
Anyone who can access the saved key could use the user's Explorium account.
The skill needs an Explorium API key and can store it persistently. This is purpose-aligned and disclosed, but it grants access to the user's Explorium account and may consume account credits.
Optionally save your API key to $CONFIG_FILE (mode 600) ... The API key is only used when you run CLI commands that call https://api.explorium.ai/v1/.
Use a dedicated key if possible, keep ~/.agentsource/config.json protected, and remove or rotate the key if you stop using the skill.
Users may over-trust the plugin's credential handling because the authorship/provenance is ambiguous.
The author field implies official Explorium authorship while the description says the plugin is unofficial and not endorsed. That inconsistency matters because the skill asks users to configure an Explorium API key.
author: "Explorium" ... "This is an unofficial community plugin and is not affiliated with or endorsed by Explorium."
Verify the publisher independently before entering an API key. The package should also correct its author/provenance metadata.
