lead-contact-enrichment-agent
Audited by ClawScan on May 10, 2026.
Overview
The skill appears to perform lead enrichment as advertised, but it has review-worthy privacy, credential-handling, and provenance issues.
Install only if you trust the publisher and are comfortable sending lead/contact data to Explorium. Avoid entering secrets where they can be displayed or logged, consider omitting request-reasoning metadata, and delete temporary result files containing enriched emails or phone numbers after use.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may believe the plugin is official and trusted by Explorium when the artifact itself says it is not.
The skill simultaneously presents Explorium as the author while saying it is unofficial and not endorsed by Explorium. For a credential-using integration, this creates provenance ambiguity.
author: "Explorium" ... "Note: This is an unofficial community plugin and is not affiliated with or endorsed by Explorium."
Verify the publisher before entering an API key. The maintainer should use accurate author information, provide a homepage/source link, and remove conflicting branding.
Lead details, internal notes, or other sensitive information included in the user's prompt could be sent to the provider as metadata beyond the core search fields.
The workflow passes the full user request to the CLI as request metadata. The CLI code states that call-reasoning sends user query text to api.explorium.ai and should be opt-in, but the workflow does not include an explicit consent step.
QUERY="<user's original request>" ... --call-reasoning "$QUERY"
Do not send --call-reasoning by default. Ask the user before including prompt text in API metadata, or omit it unless strictly needed.
Enriched contact data may remain on disk and could be exposed on shared systems or accidentally reused in later agent sessions.
The CLI writes all API results, which may include enriched emails, phone numbers, and lead lists, to shared temporary files without visible per-file permission hardening or cleanup.
All results are written to temporary files in /tmp/. ... TEMP_DIR = pathlib.Path("/tmp") ... path.write_text(json.dumps(data, indent=2, default=str))
Use a per-user secure temp directory, set restrictive permissions on result files, provide cleanup, and let users choose an output path for sensitive exports.
Someone with access to the terminal session, logs, or screen could see the API key.
The API key is expected for the service, but setup reads it with a visible prompt and later echoes a command containing the full key, which can expose the credential in terminal scrollback or logs.
read -r -p "Enter your Explorium API key (or press Enter to skip): " api_key ... echo " export EXPLORIUM_API_KEY='$api_key'"
Use a silent prompt such as read -s, avoid echoing the actual key back to the terminal, and prefer environment variables or secure credential storage.
The agent may traverse unrelated filesystem paths, which can be slow and may unexpectedly inspect path names outside the project.
The skill tells the agent to search from the filesystem root to discover the CLI. This is intended to find the installed tool, but it is broader than a fixed install path.
pathlib.Path('/').glob('sessions/*/mnt/**/*agentsource*/bin/agentsource.py') ... pathlib.Path('/').glob('**/.local-plugins/**/*agentsource*/bin/agentsource.py')
Prefer the documented install path under ~/.agentsource or a user-provided CLI path instead of broad recursive filesystem searches.
Users have less provenance information to verify the bundled executable code before running it.
The registry metadata does not provide a source/homepage or install spec, while the artifact includes executable setup and CLI code.
Source: unknown; Homepage: none ... No install spec — this is an instruction-only skill ... Code file presence: setup.sh, bin/agentsource.py
Review the included setup.sh and bin/agentsource.py before running them, and prefer packages with a verifiable source repository or publisher.
