Iran Intelligence Radar (Persian X Monitor)
ReviewAudited by ClawScan on May 10, 2026.
Overview
Review recommended: the skill mostly matches its OSINT purpose, but it can bill per scan and may return hardcoded sample tweets as if they were live X intelligence when search tools are unavailable.
Before installing, confirm that real X/search and translation tools are configured, disable or restrict alerts until tested, and do not rely on reports unless they clearly indicate live-source provenance. Be aware that scans are billed through SkillPay and that local history/log files and Telegram alerts may contain report data.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user could mistake sample data for real geopolitical intelligence, and reports or decisions could be based on non-live content.
The skill is advertised as monitoring X/Twitter, but if search tools are missing or fail it returns hardcoded sample tweets without an artifact-backed user-facing mock-mode label.
# Deterministic local mock data to keep the skill runnable without external tools.
mock = [
RawTweet(
id="m1",
author="@analyst_fa",Fail closed when live search tools are unavailable, or clearly label mock/demo results and prevent billing or alerts in mock mode.
A scan invocation may charge an external SkillPay account even if live search tools are unavailable and the result falls back to mock data.
The skill sends a user_id, skill_id, and amount to an external billing endpoint for charging; in agent.py this billing gate runs before the search workflow.
payload = {
"user_id": user_id,
"skill_id": skill_id,
"amount": price,
}
response = _request_json("POST", "/billing/charge", skill_id=skill_id, payload=payload)Require explicit user confirmation for paid scans, verify live tool availability before charging, and clearly disclose the external billing provider and refund/error behavior.
Configured Slack, webhook, or other alert channels could receive false or unverified alerts, especially if the scan is using fallback mock rows.
HIGH rows are automatically sent to every configured alert channel through the provided send_alert tool, with no confirmation step shown.
for row in rows:
if row.get("alert") != "HIGH":
continue
...
send_alert_tool(channel=channel, message=msg)Gate external alerts on verified live-source results, add a user confirmation option, and include provenance/source status in alert messages.
Report content and links may be shared with Telegram and the configured chat destination.
The skill can send escalation summaries, trending keywords, and tweet links to Telegram using a configured bot token and chat_id.
url = f"https://api.telegram.org/bot{bot_token}/sendMessage"
payload = {
"chat_id": chat_id,
"text": _build_message(escalation, trending, rows),Only configure Telegram credentials for chats you trust, and disable Telegram alerts if external sharing is not desired.
Tweet/report data from prior scans can influence later briefings and remains on disk for a limited period.
The skill persists scan snapshots, including rows, trends, and escalation scores, for later daily briefings with pruning.
HISTORY_FILE = Path(__file__).resolve().with_name("daily_history.json")
...
history.append(snapshot)
...
_write_history(pruned[-500:])Review or clear local history files when needed, and avoid treating persisted summaries as authoritative without checking source provenance.
Dependency behavior could change over time if the user installs from the unpinned requirements.
The Python dependencies are unpinned, so a future install may resolve different package versions.
pyyaml requests python-dateutil
Pin dependency versions and use a trusted package index or lockfile before deployment.