Back to skill

Security audit

The SignalHire skill integrates the full SignalHire API into OpenClaw, enabling you to search for prospects and enrich their contact details without leaving your workflow. It exposes three core actions: a credits check, a search-by-query for prospecting, and an asynchronous contact enrichment call

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate SignalHire integration, but it needs review because it exposes a public callback service and stores enriched personal contact data in local CSV files without built-in safeguards.

Install only if you are prepared to operate a public callback endpoint and store enriched contact details locally. Protect the callback behind a hardened proxy or verification mechanism where possible, restrict the output directory, keep CSVs out of shared storage and source control, set retention/deletion rules, and review privacy and compliance obligations before using the collected contact data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
77% confidence
Finding
The skill declares required environment variables but does not declare explicit permissions despite involving network access and local file reads/writes via the documented callback workflow and CSV persistence. This can weaken security review and runtime policy enforcement by obscuring the skill’s actual capabilities, making it easier to grant broader access than users expect.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior materially exceeds the stated purpose: it relies on a publicly reachable callback service, stores enriched contact data to CSV, and tracks job state locally, while not actually implementing the advertised direct Search/Credits functionality itself. This mismatch can mislead users and reviewers about the real attack surface, especially the exposure of a public inbound endpoint and persistent storage of sensitive personal data.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly describes storing enriched contact data from SignalHire, including emails, phone numbers, names, and LinkedIn URLs, in local CSV files without a prominent security or privacy warning about at-rest handling of personal data. This increases the risk that operators will deploy the connector with insecure filesystem permissions, unencrypted storage, or inappropriate retention, leading to exposure of regulated personal data.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly states that callback results containing contact information are persisted to CSV files, but it does not present a clear user-facing warning about storage, retention, access controls, or privacy consequences. Because the data includes emails, phones, and other personal details, silent local persistence increases the risk of unauthorized access, accidental disclosure, and noncompliance with privacy obligations.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The callback handler writes enriched personal data, including names, titles, company, locations, emails, and phone numbers, to local CSV files without any built-in consent gating, retention limits, encryption, or access controls. In the context of a prospect-enrichment skill handling PII, silent persistence increases the risk of privacy violations, unintended data exposure, and noncompliance if the host filesystem is shared or insufficiently protected.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.