How to Prompt Clearfront AI Security Analyst (and Pivot Like an Investigator)
By Scott Anderson, Clearfront maintainer
Clearfront is driven by an AI security analyst that picks its own tools and chains them on what it finds. This is how to prompt it well, how to pivot through the evidence graph, and how to read the calibrated report it produces.
How do you prompt Clearfront?
Give it one clear identifier and what you want to know. The analyst reads the entity type, chooses the right tools, runs them, and pivots on what comes back. You do not list the tools; you state the target and the goal.
A good prompt is specific about the seed and the intent. Check what my email jane@example.com exposes works. So does dropping in a username, a domain, or an IP with a short instruction. The analyst handles the routing.
How the analyst decides which tools to run
It routes by the type of identifier you give it. An email triggers account and breach checks; a username triggers the enumeration tools; a domain triggers WHOIS and DNS; an IP triggers geolocation and exposure checks.
- -A full name starts with a search-engine footprint and generated dorks
- -An email runs account discovery and breach lookup, plus the avatar check
- -A username runs the broad profile search, then the URL-verified pass
- -A domain runs WHOIS, subdomain discovery, and DNS with mail-security analysis
- -An IP runs geolocation and an exposure check for open services
It also knows what not to do. It will not run a breach lookup on a full name, or a username check on a string with spaces, because those produce noise. The routing is deliberate, which is why vague prompts still return clean results.
Good prompts vs vague prompts
The more precise your seed, the better the report. Compare these.
- -Vague: find stuff about me. Better: scan my email jane@example.com and tell me what is exposed
- -Vague: look up John. Better: check the username johndoe99 across platforms and flag anything tied to my real name
Give it a real identifier and a goal, and it does the rest. Give it a bare name with no context and it can only do so much, the same limit a human investigator would hit.
How to pivot through the evidence graph
In the browser console, click any node in the evidence graph and choose Run more tools on this. The analyst investigates that entity and the graph grows in place with the new connections.
This is where it feels like an investigation rather than a lookup. A breach node leads you to the email it exposed; clicking the email pivots the analyst onto it, and it pulls the accounts and pastes connected to that address. The graph is a dense web, not a star, so following one thread usually surfaces three more.
How to read the report
The report separates what was observed from what was inferred, and it rates every judgment two ways: how likely it is, and how confident the analyst is in the sourcing.
Likelihood uses seven calibrated terms, from almost no chance through roughly even chance to almost certainly, and never vague words like maybe. Confidence is stated separately as high, moderate, or low, based on how good the sourcing is. A finding can be very likely with only moderate confidence, and the report will say so.
Each source is rated for reliability too: a URL you can open and verify is high, an indexed result is moderate, a name-only match is low. That calibration is the difference between a report you can act on and a pile of guesses. The tools reference shows where each source comes from.
Frequently asked questions
- What model does Clearfront use?
- By default it uses Anthropic Claude for the analyst. You can point it at an OpenAI-compatible endpoint or run a local model with Ollama instead, using the provider flags.
- Can Clearfront make up findings?
- No. The analyst issues a stop, real tools run as subprocesses, and their actual output comes back. It reports what the tools returned, so a fabricated tool result is structurally impossible.
- What does pivoting mean in an investigation?
- Pivoting is taking one finding and investigating it further: an email leads to accounts, an account leads to a username, and so on. Clearfront pivots automatically and lets you pivot manually by clicking a node in the graph.
Scott Anderson believes your personal data is yours to own and protect. He built Clearfront, a free, open-source tool for scanning and scrubbing your own digital footprint from public data, and he writes about OSINT, breach exposure, and personal privacy.
Related posts
- Getting Started With Clearfront: Install It and Run Your First Scan
Clearfront is a free, open-source footprint scanner that runs on your own machine. Here is how to install it and run your first scan, start to finish.
- How to Check Your Digital Footprint: A Self-OSINT Walkthrough
Audit your own digital footprint in about an hour, for free, using the five OSINT passes a security analyst would run on you. Step by step, with the shortcut.
- AI Agents Can Build a Dossier on You From One Username. Here Is What They Find.
Given a single username, an AI OSINT agent can chain tools and assemble a profile in minutes. Here is how it works, what it finds, and how to harden your footprint.