b2b-sales-prospecting-agent
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: explorium-sales-prospecting Version: 1.0.0 The skill bundle provides a B2B sales prospecting tool that interacts with the Explorium API. All network communication is directed to the declared `https://api.explorium.ai/v1/` endpoint. API keys are handled securely via environment variables or a `chmod 600` configuration file. The core CLI tool (`bin/agentsource.py`) uses `pathlib` for file operations and `urllib.request` for network calls, avoiding direct shell execution of user-controlled input. Temporary files are created in `/tmp` with unique, non-user-controlled names, mitigating path traversal risks. The `SKILL.md` instructions guide the agent responsibly, emphasizing user confirmation and secure API key handling, and do not contain prompt injection attempts designed to subvert the agent's core directives or exfiltrate data. The ability to write to user-specified output paths (e.g., `~/Downloads/`) is a standard feature for a data export tool and not indicative of malicious intent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or unexpected local agentsource.py file could be executed with the user's environment and API key access.
The skill tells the agent to search broad filesystem locations for a matching Python CLI and then execute it. If the expected installed copy is absent or shadowed, this can run an unverified local script.
candidates = [ pathlib.Path.home() / '.agentsource/bin/agentsource.py', *sorted(pathlib.Path('/').glob('sessions/*/mnt/**/*agentsource*/bin/agentsource.py')), *sorted(pathlib.Path('/').glob('**/.local-plugins/**/*agentsource*/bin/agentsource.py')) ] ... RESULT=$(python3 "$CLI" statistics ...)Use only the reviewed CLI path installed by this skill, preferably ~/.agentsource/bin/agentsource.py, and avoid broad path discovery unless the file source is verified.
Sensitive business targeting details, customer exclusions, or campaign strategy included in the user's request may be sent to Explorium as metadata.
The workflow includes the user's original request in the API call metadata. The artifacts disclose remote request metadata, but the default command pattern does not ask for separate consent before sending potentially sensitive sales targeting text.
At the start of every workflow ... QUERY="<user's original request>" ... --call-reasoning "$QUERY"
Avoid including confidential strategy or customer names in prospecting prompts, or remove --call-reasoning unless the user explicitly agrees to send the query text.
Prospect lists and contact details may remain on the local machine after the task and could be exposed to other local processes or later agent tasks.
The skill stores API result data, which can include contact details, in /tmp and describes cleanup as OS-managed. The artifacts do not show automatic deletion or dedicated restrictive permissions for these result files.
Verified Contact Info — Professional emails, direct phones, LinkedIn profiles ... `/tmp/agentsource_*.json` | API result data | OS cleanup
Delete /tmp/agentsource_*.json files after use, avoid running on shared machines, and consider changing the CLI to create private temp files with restrictive permissions and explicit cleanup.
The skill can make authenticated Explorium API calls and may consume account credits when the user confirms prospecting actions.
The skill uses and can persist an Explorium API key. This is expected for the integration and the setup script uses restrictive permissions, but registry metadata lists no required env vars or primary credential.
Optionally save your API key to $CONFIG_FILE (mode 600) ... CONFIG_FILE="$INSTALL_DIR/config.json"
Use a scoped API key if available, monitor API usage/credits, and do not paste keys into chat.
Users may assume the plugin is officially maintained by Explorium even though the description says it is unofficial.
The author field and disclaimer are in tension. The disclaimer reduces the risk, but the author value could still make users over-trust the plugin's provenance.
author: "Explorium" ... "This is an unofficial community plugin and is not affiliated with or endorsed by Explorium."
Treat it as a community plugin, verify the source before installing, and confirm the API endpoint and CLI code match what you expect.