OSINT Social Analyzer
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears to do what it says—public username OSINT—but users should notice the broad third-party scanning, the unpinned pip install, and the need to manually verify matches.
Install only if you are comfortable with a public-OSINT tool sending queried usernames to many websites. Use a virtual environment or pinned dependency if possible, and treat account matches as leads rather than proof of identity.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing this way could affect the local Python environment or pull a changed future package version.
The skill relies on a third-party Python package installed without a version pin and with a flag that bypasses system package protections. This is disclosed and central to the skill, but users should install it cautiously.
pip3 install social-analyzer --break-system-packages
Prefer a virtual environment, pipx, or a pinned version of social-analyzer instead of installing into the system Python environment.
A queried username may be sent to many third-party websites, and scanning may be noisy or rate-limited.
The skill intentionally sends username lookups across many external services. This is purpose-aligned, but users should understand the breadth of the scan.
Searches 1000+ platforms and returns a natural language summary of findings.
Use platform-specific or smaller scans when appropriate, and only run investigations for legitimate, lawful purposes.
Users could place too much trust in matches and misidentify someone.
The instructions may overstate what a username match proves. Similar or identical usernames across platforms do not necessarily confirm a shared real-world identity.
rate ≥ 80 → 高置信度,几乎确定是同一人
Treat results as investigative leads and manually verify identity before drawing conclusions or taking action.