IdentityMonitoringAgent

The skill's code and runtime instructions are coherent with its stated OSINT purpose: it calls holehe and sherlock and performs Google dork searches, and it does not request unrelated credentials or hidden endpoints.

This skill appears to do what it says: run holehe and sherlock and perform Google dorks to look for exposed emails/usernames. Before installing, consider: run it in an isolated environment (container/VM) because it will perform network scans and install third-party pip packages; review the holehe and sherlock projects for safety and licensing; avoid scanning targets you don't own or have permission to probe (legal/terms-of-service risk); be aware Google scraping may be rate-limited or flagged; the code invokes subprocesses based on user input (it uses list-form subprocess calls, which avoids shell interpolation, but still will perform network actions you trigger), so only provide targets you intend to scan. Finally, the skill's source/homepage is unknown — if you need stronger trust, obtain the upstream repository or a publisher with an audit trail before widespread use.