DeepDive OSINT

Pass

Audited by VirusTotal on Apr 30, 2026.

Overview

Type: OpenClaw Skill
Name: deepdive-osint
Version: 1.0.0

The skill implements an 'Auto Install' feature in SKILL.md that uses subprocess to execute 'git clone' and 'pip install' from an external GitHub repository (github.com/Sinndarkblade/deepdive). This pattern introduces a significant supply-chain risk by fetching and executing unvetted remote code and dependencies on the host system. While the stated intent is OSINT investigation, the use of system-level commands to step outside the skill's local scope and launch a local web server (port 8766) constitutes high-risk behavior, even without clear evidence of immediate malice.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill could cause the agent to fetch and install code that was not reviewed by this scan, giving that code the user's local-account permissions.

Why it was flagged

The skill instructs first-run cloning of a remote GitHub repository and installing its dependency file, but that code and dependency set are not present in the reviewed artifacts or pinned to a commit/hash.

Skill content

**This skill auto-installs the full DeepDive application from GitHub on first run.** ... ['git', 'clone', 'https://github.com/Sinndarkblade/deepdive', install_dir] ... 'pip', 'install', '-r', ... 'requirements.txt'

Recommendation

Inspect the GitHub repository and requirements file first, pin to a trusted commit, and install in an isolated virtual environment or container instead of allowing automatic first-run installation.

Concern (High Confidence)

ASI05: Unexpected Code Execution

What this means

The downloaded application may run arbitrary Python code on the local machine under the user's account.

Why it was flagged

After downloading the repository, the instructions add its directories to Python's import path and import/run application code, which can execute code outside the reviewed skill artifact.

Skill content

sys.path.insert(0, os.path.join(DEEPDIVE_ROOT, 'core')) ... from graph import InvestigationGraph, Entity, Connection ... cd ~/deepdive && python3 server/app.py

Recommendation

Do not run the auto-install/import path until the repository is reviewed; prefer manual installation in a sandbox with least-privilege access.

What this means

A simple investigation request may expand into many searches and collect many people, companies, locations, events, and allegations.

Why it was flagged

The skill intentionally directs broad, multi-angle searches and exhaustive entity extraction. This matches the OSINT purpose, but it is a wide default scope.

Skill content

Use WebSearch for ALL 5. Never skip any ... Extract everything. If a result mentions 15 names, extract all 15.

Recommendation

Give explicit scope limits, stop conditions, and source-quality expectations when using the skill.

What this means

Provider credentials or account settings could be handled by the downloaded DeepDive application rather than by the reviewed skill artifact.

Why it was flagged

Provider configuration may involve API account credentials stored in a local settings file. This is expected for an AI-backed investigation app, but the registry metadata declares no primary credential.

Skill content

Then open http://localhost:8766/board and configure your AI provider at http://localhost:8766/settings. ... Configure at http://localhost:8766/settings or set in ~/.deepdive/settings.json.

Recommendation

Use a limited-scope API key, avoid entering sensitive provider credentials until the application code is reviewed, and monitor usage/billing.

What this means

Names, allegations, connections, and investigation notes may remain on disk after the session.

Why it was flagged

The skill persists investigation graphs and findings locally. This is aligned with reports and graphing, but it can retain sensitive or incorrect OSINT conclusions for later reuse.

Skill content

inv_dir = os.path.join(DEEPDIVE_ROOT, 'investigations', subject.lower().replace(' ', '_')) ... graph.save(inv_dir)

Recommendation

Review stored investigation files, avoid using sensitive subjects unless appropriate, and delete or isolate investigation directories when no longer needed.