Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Threat Intelligence — التهديدات
v1.0.1
The only Arabic-first OSINT and threat intelligence skill. Monitor Arabic-language threat actor channels on Telegram, generate bilingual threat reports, sear...
by Kw.Hades- Creative Labs @abdullah944
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The skill name/description (Arabic-first OSINT: Telegram scraping, CT logs, Tor dark-web search) matches what the code does. However the package metadata declares no required binaries while the included script clearly invokes external programs (curl and torsocks). That mismatch is unexpected and should be clarified.
Instruction Scope
SKILL.md and scripts/run.py stay within passive OSINT: fetching public Telegram pages, querying crt.sh, and using Tor to query .onion search engines. The instructions do not ask the agent to read arbitrary local files or environment secrets. They do require the agent to run networked commands (curl/torsocks), which is consistent with the stated purpose but is an execution privilege to be aware of.
Install Mechanism
No install spec or external downloads are used; this is instruction-only plus a bundled Python script. Nothing in the manifest writes arbitrary remote code to disk at install time.
Credentials
The skill requests no environment variables or credentials, which matches the code (it uses public endpoints). There are no hidden secret accesses in the files. The only external dependencies are binaries (curl, optionally torsocks) which are not declared in the registry metadata.
Persistence & Privilege
always is false and the skill does not request persistent/privileged platform presence. It uses subprocess execution at runtime (normal for this kind of tool). Autonomous invocation is enabled by default (normal) — combine that with the exec capability only if you trust the skill.
What to consider before installing
This skill appears to implement the OSINT tasks it claims, but there are two practical concerns to decide on before installing:
1) Required host tools: The bundled script calls external binaries (curl and torsocks). The registry says "no required binaries" — verify that your agent environment provides curl and (for dark-web queries) torsocks/Tor, or the darkweb command will fail. If you don't want the agent to run system commands, do not enable exec for this skill.
2) Network & Tor access: The skill will fetch arbitrary remote content (t.me pages, crt.sh JSON, and .onion search engines). If you allow autonomous invocation, the agent can reach those endpoints without further prompts. Consider running the skill only when manually invoked, or sandbox network/Tor access and review onion engine URLs before use.
Additional recommendations:
- Confirm legal/organizational policy for scraping Telegram and querying onion services in your jurisdiction.
- If you want to proceed, run the bundled script locally first to inspect behavior and confirm which binaries are required.
- If you do not want Tor or .onion lookups, avoid using the darkweb command or ensure torsocks is not available to the agent.
Given the metadata/code mismatch (undeclared binary requirements) and the fact the skill makes network/Tor calls when executed, treat it as suspicious until you validate the runtime environment and trust boundaries.
Like a lobster shell, security has layers — review code before you run it.
Tags: arabic, cybersecurity, dark-web, gulf, latest, osint, telegram, threat-intelligence
