Social Intelligence
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using the skill may retrieve and export large amounts of social-media data.
The skill documents bulk export capability through MCP tools. This is consistent with social intelligence research, but users should be aware that queries can produce large datasets.
Every search generates a full CSV export — up to 64K rows per query.
Use explicit user intent for large searches or exports, and handle exported data according to privacy, compliance, and platform-use expectations.
The agent may act through the user's authenticated Xpoz account to access the service.
The skill requires delegated Xpoz account authentication. This is expected for the Xpoz MCP service and is disclosed in SKILL.md, though it is not reflected as a primary credential in the registry summary.
"credentials": "Xpoz account (free tier) — auth via xpoz-setup skill (OAuth 2.1)"
Authenticate only with an account you intend to use for this service, and review the xpoz-setup skill and Xpoz account permissions before use.
Installing the skill requires trusting the mcporter npm package and its provenance.
The skill relies on an external npm package to provide the mcporter binary. This appears central to the MCP-based purpose, but it is still an external dependency.
node | package: mcporter | creates binaries: mcporter
Install from the expected package source, keep dependencies updated, and review the related xpoz-setup skill before authenticating.
Search terms, social-media research activity, and returned datasets may pass through Xpoz's MCP service.
The skill routes activity through a shared external MCP backend. This is disclosed and purpose-aligned, but it creates a provider boundary for queries, results, and account access.
All skills share the same Xpoz MCP backend — authenticate once, use everywhere.
Avoid sending confidential research queries unless you are comfortable with Xpoz handling them, and review Xpoz's service and privacy terms.