Companies & Contacts enrichment - Explorium AgentSource

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Explorium lead-enrichment skill, but it stores API keys and sensitive lead data in ways users should review before installing.

Install only if you are comfortable sending selected filters, entity IDs, and matching records to Explorium. Prefer setting EXPLORIUM_API_KEY yourself as an environment variable instead of typing it into setup.sh, use explicit CSV input/output paths, keep result limits intentional, and delete /tmp/agentsource_*.json after use, especially on shared machines or when results include emails, phone numbers, or proprietary lead lists.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding
The skill clearly uses sensitive capabilities—shell execution, filesystem reads/writes, environment access, and network calls—but does not declare corresponding permissions. This creates a transparency and consent gap: a host may expose more capability than users or policy expect, increasing the chance of unreviewed data access, API-key use, local file export, and remote transmission.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The tool writes potentially sensitive company/contact data to predictable filenames in /tmp using only a timestamp and command name. On multi-user systems, this can expose business intelligence, prospect data, or enriched contact information to other local users or processes via filename prediction or permissive default file permissions.

Missing User Warnings

Severity: Medium
Confidence: 79%
Finding
The CLI persists the API key to disk in ~/.agentsource/config.json, which increases the credential exposure window if the host is later compromised, backed up insecurely, or shared. Although chmod(0o600) is applied, there is no strong user warning or preference for ephemeral secret handling, so users may store production credentials without understanding the persistence risk.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The skill documents enrichment of prospects with personal email, direct phone, and mobile phone data, but provides no privacy, lawful-basis, consent, or acceptable-use guidance. In a B2B prospecting skill, this omission increases the risk that users will collect and export sensitive personal contact data for spam, intrusive outreach, or noncompliant processing under privacy and marketing laws.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal