OSINT Information
v1.0.5AI-powered OSINT intelligence reports via API. 129 RSS feeds across 15 categories with enriched analysis, domain recon, and automated feed health monitoring.
⭐ 0· 9·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
The name/description match the files and runtime behavior: the helper script only calls endpoints on osint.ahsan-tariq-ai.xyz and requires OSINT_API_KEY. That API key is appropriate for an external OSINT service. Minor incoherences: package.json/README list version 0.6.0 while the registry metadata lists 1.0.5 (versioning mismatch), and the SKILL.md contains a truncated/ambiguous line about 'hidden signal enrichment' which deserves clarification from the author.
Instruction Scope
SKILL.md and scripts/osint_api.py limit actions to HTTPS requests to the declared host, sanitize inputs with urllib.parse.quote, use only stdlib networking, print JSON responses, and explicitly avoid local file I/O or shell execution. The documented endpoints include privacy‑sensitive operations (breach check, social lookup, recon) which is expected for OSINT but should be considered when sending PII.
Install Mechanism
There is no install spec — the skill is instruction-only with a thin helper script. Nothing is downloaded or written to disk by the skill itself during installation, which reduces supply‑chain risk.
Credentials
Only one credential (OSINT_API_KEY) is required, which is proportionate to the described functionality. However the key grants access to a third‑party API and should be treated as sensitive. The SKILL.md and script require the key and abort if absent, which is consistent. Verify the key's scope/permissions and rotate or use a limited/test key if you are concerned.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or global agent settings, and does not persist data locally. Autonomous invocation is allowed (platform default) but not combined with elevated privileges.
Assessment
This skill appears to do what it says: it forwards queries to a single external API and requires an OSINT_API_KEY. Before installing, verify the operator (osint.ahsan-tariq-ai.xyz) and read its privacy policy and terms: anything you query (domain names, emails, usernames) will be sent to that host and could contain sensitive data. Use a scoped or disposable API key if possible; avoid sending highly sensitive PII through the skill; confirm the provider's reputation (GitHub repo, DNS ownership, TLS cert) and consider testing with non‑sensitive queries first. Also ask the author to clarify the version mismatch (package.json vs registry) and the truncated 'hidden signal enrichment' note if you need more assurance.Like a lobster shell, security has layers — review code before you run it.
latestvk97bhth2gjtg76bkk4rtz7mzxs84cbq5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🔍 Clawdis
EnvOSINT_API_KEY
Primary envOSINT_API_KEY