Expert Finder

Pass. Audited by ClawScan on May 1, 2026.

Overview

This appears to be a legitimate expert-discovery skill, but it installs an external connector and uses an Xpoz OAuth account to query large Twitter/Reddit datasets through external services.

Before installing, confirm that you trust Xpoz and the mcporter package, review the OAuth setup, and use non-sensitive search topics because the skill sends queries to external services and may collect large sets of public social-media posts and profiles.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill may run sizable external searches and collect many public posts and account profiles for the requested topic.

Why it was flagged

The skill uses external search and Xpoz API calls to collect potentially large social-media datasets. This is central to the expert-finding purpose and is presented as an explicit workflow.

Skill content

Research domain with `web_search`/`web_fetch`... `mcporter call xpoz.getTwitterPostsByKeywords`... Download CSVs via `dataDumpExportOperationId` (64K rows).

Recommendation

Use clear topic and date boundaries, and avoid entering confidential search topics unless you are comfortable sending them to the external search/Xpoz services.

What this means

Calls to Xpoz will be made under the user's Xpoz account or access key.

Why it was flagged

The skill discloses that it uses an Xpoz account through OAuth, even though the registry-level requirements list no primary credential. This is expected for the Xpoz integration but should be reviewed by the user.

Skill content

"credentials": "Xpoz account (free tier) — auth via xpoz-setup skill (OAuth 2.1)"

Recommendation

Review the OAuth/account permissions during xpoz-setup and revoke the access if you stop using the skill.

What this means

Installing the skill also installs and relies on the external mcporter package.

Why it was flagged

The skill relies on an npm-installed connector binary. That install is disclosed and purpose-aligned, but it is a separate dependency outside the instruction-only SKILL.md.

Skill content

[0] node | package: mcporter | creates binaries: mcporter

Recommendation

Install only if you trust the package source and the Xpoz integration; keep the package updated through normal trusted channels.

What this means

Search terms, topics, and related identifiers may be processed by external providers.

Why it was flagged

The skill sends queries through web tools and an external MCP/Xpoz service. This is disclosed and necessary for the intended social-media research workflow.

Skill content

"tools": ["web_search", "web_fetch"], "network": ["mcp.xpoz.ai"]

Recommendation

Do not use sensitive or private topics unless you are comfortable with those queries being sent to the listed external services.