Skillv1.0.0

ClawScan security

lead-contact-enrichment-agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewFeb 28, 2026, 7:41 AM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill mostly does what its name says (B2B enrichment via an Explorium API) but there are several metadata and instruction inconsistencies you should be aware of before installing.
Guidance: This package appears to be an Explorium AgentSource CLI wrapper that will enrich contacts/companies via api.explorium.ai and needs your Explorium API key. Before installing or using it: 1) Verify the source and owner (no homepage is provided and registry metadata mismatches are present). 2) Inspect bin/agentsource.py yourself (it is included) to confirm network endpoints and behaviors; it writes results to /tmp and sends calls to https://api.explorium.ai/v1, which matches the documentation. 3) Consider not persisting your API key to disk (declines the setup prompt) and instead export EXPLORIUM_API_KEY in a session-only manner if you prefer. 4) Be aware the runtime discovery code glob-scans wide filesystem paths — run setup and CLI in a controlled account or sandbox if you are concerned. 5) Avoid using --call-reasoning (or only use it with explicit consent) because that option sends the user query text to the remote service as metadata. If you need higher assurance, ask the publisher for an authoritative homepage, confirm the ownerId, or run the CLI in an isolated environment first.

Review Dimensions

Purpose & Capability: noteThe skill's name, description, SKILL.md, setup.sh, and CLI (bin/agentsource.py) all align: they call https://api.explorium.ai/v1 to enrich leads/companies and require an EXPLORIUM_API_KEY. However, the registry metadata claims no required environment variables or primary credential, which contradicts both SKILL.md and the CLI code that require an API key. Also _meta.json.ownerId differs from the registry Owner ID, and the package has no homepage — these metadata mismatches reduce confidence.
Instruction Scope: noteRuntime instructions are narrowly focused on discovering and running the included CLI, matching/enriching records, writing results to temp files, and presenting previews — all appropriate for enrichment. Two items to note: (1) the discovery snippet searches broad filesystem globs (e.g., scanning /sessions/*/mnt/**/*) which can traverse many paths and may be broader than necessary; (2) the CLI supports an optional --call-reasoning argument that will send the user's query text as metadata to the remote API (the code documents this and marks it opt-in, but it is a potential privacy leak if used without consent).
Install Mechanism: noteThere is no remote download; the provided setup.sh copies included bin/agentsource.py to ~/.agentsource/bin and can optionally write a config file (mode 600). That local install approach is lower risk than fetching arbitrary remote code. But the package is marked as 'instruction-only' in the registry even though it includes an installer and a CLI — that inconsistency is noteworthy.
Credentials: noteThe only credential the skill needs is an Explorium API key (EXPLORIUM_API_KEY), which is proportionate to its stated purpose. The problem is the registry metadata omitted this requirement; the SKILL.md and CLI explicitly require the API key (or a ~/.agentsource/config.json). The setup script offers to save the API key to disk (mode 600), which is convenient but you should consider whether you want the key persisted.
Persistence & Privilege: okThe skill does not request elevated platform privileges or 'always: true'. Installation writes its own files under $HOME/.agentsource and may persist the API key there (config.json, mode 600) if the user opts in — this is normal for a CLI. It does not alter other skills or global agent configs.