Explorium AgentSource
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent Explorium prospecting integration, but users should notice that it uses an API key, sends prospecting requests to Explorium, and stores result files locally.
Install only if you intend to use Explorium AgentSource for B2B prospecting. Set the API key outside the chat, review searches before large fetches or enrichments, be mindful that contact data and CSVs may contain sensitive information, and clean up local temp/result files when finished.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with access to the key could use the associated Explorium account, and API calls may consume available quota or credits.
The skill requires an Explorium API key and may store it locally; this is expected for the service integration but grants access to the user’s Explorium account and quota.
"primary_credential": "EXPLORIUM_API_KEY" ... "storage": "~/.agentsource/config.json (mode 600) or environment variable"
Use a scoped or revocable API key if available, never paste it into chat, review usage before large enrichments or exports, and remove ~/.agentsource/config.json when no longer needed.
Prospecting results or imported matching data may remain on the local machine after the workflow, especially on shared systems.
The agent workflow stores retrieved API results as local temporary files for later reading; this is disclosed and purpose-aligned, but enriched prospect data can include emails or phone numbers and may remain until OS cleanup.
"All API responses are written to temp files" ... "`/tmp/agentsource_*.json` | API result data | Cleaned up automatically by OS"
Delete /tmp/agentsource_*.json files after sensitive workflows, avoid running large contact-enrichment jobs on shared machines, and export results only to locations you control.
An install UI or automated review may not fully reflect that setup.sh is used and that an Explorium API key is required.
The registry-level declarations understate the included setup script and credential requirement, even though the packaged plugin files disclose them.
Required env vars: none ... Primary credential: none ... No install spec — this is an instruction-only skill ... Code file presence: setup.sh, bin/agentsource.py
Review setup.sh and plugin.json before installation; maintainers should align registry metadata with the packaged credential and setup requirements.