Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Threat Intelligence — التهديدات

v1.0.1

The only Arabic-first OSINT and threat intelligence skill. Monitor Arabic-language threat actor channels on Telegram, generate bilingual threat reports, sear...

0 · 207 · 1 current · 1 all-time
by Kw.Hades- Creative Labs (@abdullah944)

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for abdullah944/threat-intel.

Prompt preview (Install & Setup):
Install the skill "Threat Intelligence — التهديدات" (abdullah944/threat-intel) from ClawHub.
Skill page: https://clawhub.ai/abdullah944/threat-intel
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install threat-intel

ClawHub CLI


npx clawhub@latest install threat-intel

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (high confidence)

Purpose & Capability
The skill name/description (Arabic-first OSINT: Telegram scraping, CT logs, Tor dark-web search) matches what the code does. However the package metadata declares no required binaries while the included script clearly invokes external programs (curl and torsocks). That mismatch is unexpected and should be clarified.
Instruction Scope
SKILL.md and scripts/run.py stay within passive OSINT: fetching public Telegram pages, querying crt.sh, and using Tor to query .onion search engines. The instructions do not ask the agent to read arbitrary local files or environment secrets. They do require the agent to run networked commands (curl/torsocks), which is consistent with the stated purpose but is an execution privilege to be aware of.
Install Mechanism
No install spec or external downloads are used; this is instruction-only plus a bundled Python script. Nothing in the manifest writes arbitrary remote code to disk at install time.
Credentials
The skill requests no environment variables or credentials, which matches the code (it uses public endpoints). There are no hidden secret accesses in the files. The only external dependencies are binaries (curl, optionally torsocks) which are not declared in the registry metadata.
Persistence & Privilege
always is false and the skill does not request persistent/privileged platform presence. It uses subprocess execution at runtime (normal for this kind of tool). Autonomous invocation is enabled by default (normal) — combine that with the exec capability only if you trust the skill.
What to consider before installing
This skill appears to implement the OSINT tasks it claims, but there are two practical concerns to decide on before installing:

1) Required host tools: The bundled script calls external binaries (curl and torsocks). The registry says "no required binaries" — verify that your agent environment provides curl and (for dark-web queries) torsocks/Tor, or the darkweb command will fail. If you don't want the agent to run system commands, do not enable exec for this skill.

2) Network & Tor access: The skill will fetch arbitrary remote content (t.me pages, crt.sh JSON, and .onion search engines). If you allow autonomous invocation, the agent can reach those endpoints without further prompts. Consider running the skill only when manually invoked, or sandbox network/Tor access and review onion engine URLs before use.

Additional recommendations:

- Confirm legal/organizational policy for scraping Telegram and querying onion services in your jurisdiction.
- If you want to proceed, run the bundled script locally first to inspect behavior and confirm which binaries are required.
- If you do not want Tor or .onion lookups, avoid using the darkweb command or ensure torsocks is not available to the agent.

Given the metadata/code mismatch (undeclared binary requirements) and the fact the skill makes network/Tor calls when executed, treat it as suspicious until you validate the runtime environment and trust boundaries.
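The scan's central finding is a mismatch between what the manifest declares and what the bundled script actually executes. The check below is an added example of how a reviewer can confirm such a mismatch statically before enabling exec for a skill; it is not ClawHub's scanner and not the skill's own code. The script source and the manifest dict are constructed stand-ins (the real scripts/run.py is not reproduced on this page), and the manifest key `requires.bins` is an assumed shape, not a documented ClawHub field.

```python
"""Static audit: which external programs does a bundled script hand to
subprocess, and does the registry manifest declare them?  Added example for
this listing, not the skill's code or ClawHub's scanner."""
import ast
import shutil

# Constructed stand-in for a bundled scripts/run.py that shells out to curl
# and torsocks.  Hypothetical: the real script's source is not on the page.
SAMPLE_SCRIPT = '''
import subprocess

def fetch(url):
    return subprocess.run(["curl", "-s", url], capture_output=True, text=True).stdout

def fetch_onion(url):
    return subprocess.check_output(["torsocks", "curl", "-s", url], text=True)

def search(term):
    return subprocess.Popen("grep -r " + term, shell=True)
'''

# Constructed stand-in for the registry manifest: no required binaries declared.
# The "requires"/"bins" key names are an assumption for this example.
SAMPLE_METADATA = {"name": "threat-intel", "requires": {"bins": []}}

SUBPROCESS_FUNCS = {"run", "Popen", "call", "check_call", "check_output"}
# Wrappers that pass the real program through as their next argument.
WRAPPERS = {"torsocks", "sudo", "env", "nice"}


def _program_names(argv_node):
    """Program names visible in a literal argv (list or string); [] if dynamic."""
    if isinstance(argv_node, ast.List) and argv_node.elts:
        words = [e.value for e in argv_node.elts
                 if isinstance(e, ast.Constant) and isinstance(e.value, str)]
    elif isinstance(argv_node, ast.Constant) and isinstance(argv_node.value, str):
        words = argv_node.value.split()
    else:
        return []
    names = []
    for word in words:
        names.append(word)
        if word not in WRAPPERS:  # first non-wrapper word is the real program
            break
    return names


def invoked_binaries(source):
    """Collect programs passed to subprocess.* calls in the source.
    Returns (set_of_programs, count_of_calls_with_non_literal_argv)."""
    binaries, dynamic = set(), 0
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        func = node.func
        if not (isinstance(func, ast.Attribute) and func.attr in SUBPROCESS_FUNCS
                and isinstance(func.value, ast.Name) and func.value.id == "subprocess"):
            continue
        names = _program_names(node.args[0]) if node.args else []
        if names:
            binaries.update(names)
        else:
            dynamic += 1  # argv built at runtime: cannot be resolved statically
    return binaries, dynamic


def undeclared_binaries(source, metadata):
    """Programs the script invokes that the manifest does not declare."""
    declared = set(metadata.get("requires", {}).get("bins", []))
    invoked, _ = invoked_binaries(source)
    return invoked - declared


def missing_on_host(binaries):
    """Which invoked programs are absent from PATH on this host."""
    return {b for b in binaries if shutil.which(b) is None}


if __name__ == "__main__":
    found, dynamic = invoked_binaries(SAMPLE_SCRIPT)
    print("invoked:", sorted(found), "| unresolved dynamic calls:", dynamic)
    print("undeclared:", sorted(undeclared_binaries(SAMPLE_SCRIPT, SAMPLE_METADATA)))
    print("missing on this host:", sorted(missing_on_host(found)))
```

A non-zero dynamic count means the script builds command lines at runtime, which a static pass cannot fully enumerate; that is a reason to run the script in a sandbox and watch process creation rather than trusting the manifest alone.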


latest: vk977b5kgjj5f1f5nz1drsv5zh5834xy7
207 downloads
0 stars
2 versions
Updated 22h ago
v1.0.1
MIT-0

Arabic Threat Intelligence

The only Arabic-first OSINT and threat intelligence skill for OpenClaw. Works globally — not limited to any single country or region.

Why This Skill

99% of OSINT skills are English-only. Arabic-speaking analysts, security teams, and researchers lack native-language tooling. This skill bridges that gap with full bilingual (Arabic + English) support.

Commands

Monitor Telegram Channels

Use arabic-threat-intel channel hak994
Use arabic-threat-intel channel anyChannelName --lang both

Scrapes public Telegram channels. Returns posts with timestamps, auto-translates Hebrew/Farsi mentions.

Generate Threat Report

Use arabic-threat-intel report "critical infrastructure"
Use arabic-threat-intel report "ransomware" --lang both

Monitors tracked threat actor channels and generates a structured bilingual threat brief ready for leadership or SOC teams.

Dark Web Search

Use arabic-threat-intel darkweb "company name data leak"
Use arabic-threat-intel darkweb "اسم الشركة تسريب"

Searches dark web indexes via Tor. Accepts Arabic or English queries. Returns .onion links with risk assessment.

CT Log Subdomain Scan

Use arabic-threat-intel scan example.com
Use arabic-threat-intel scan target-domain.org

Passive subdomain discovery via Certificate Transparency logs (crt.sh). Flags takeover candidates, dev/test servers, VPN and admin panels.
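The CT log scan described here boils down to parsing crt.sh's JSON, deduplicating the certificate names, and flagging hosts whose names suggest dev/test, remote-access or admin roles. The block below is an added example of that post-processing from a defender's side (inventorying your own domain's certificate footprint); it is not the skill's code. The JSON is a constructed sample in the shape crt.sh returns (`name_value` holds newline-separated names, `not_after` the expiry); the real response would be fetched from https://crt.sh/?q=%25.example.com&output=json separately. It does not attempt the takeover check the skill mentions, which needs live DNS lookups; it only flags name patterns and certificates that have all lapsed, which often mark forgotten hosts.

```python
"""Parse a crt.sh JSON response and flag subdomains worth a second look.
Added example for this listing, not the skill's own code."""
import json
from datetime import datetime

# Constructed sample in crt.sh's response shape (only the fields used here).
SAMPLE_CRTSH_JSON = json.dumps([
    {"name_value": "www.example.com\nexample.com", "not_after": "2026-01-10T00:00:00"},
    {"name_value": "dev-api.example.com", "not_after": "2025-11-01T00:00:00"},
    {"name_value": "vpn.example.com\nadmin.example.com", "not_after": "2026-03-01T00:00:00"},
    {"name_value": "*.staging.example.com", "not_after": "2024-02-01T00:00:00"},
    {"name_value": "old-test.example.com", "not_after": "2023-06-01T00:00:00"},
    {"name_value": "mail.notexample.com", "not_after": "2026-01-01T00:00:00"},
])

# Hostname tokens that mark the categories the scan is interested in.
INTERESTING = {
    "dev/test": ("dev", "test", "staging", "uat", "qa", "sandbox"),
    "remote access": ("vpn", "remote", "rdp", "citrix"),
    "admin panel": ("admin", "manage", "console", "portal", "jenkins", "grafana"),
}


def crtsh_hostnames(raw_json, domain):
    """Deduplicate hostnames scoped to `domain`, keeping the latest expiry per
    host.  A wildcard name is recorded as its parent with wildcard=True."""
    hosts = {}
    for entry in json.loads(raw_json):
        expiry = datetime.fromisoformat(entry["not_after"])
        for name in entry["name_value"].split("\n"):
            name = name.strip().lower()
            wildcard = name.startswith("*.")
            if wildcard:
                name = name[2:]
            if name != domain and not name.endswith("." + domain):
                continue  # crt.sh pattern queries can match unrelated names
            rec = hosts.setdefault(name, {"wildcard": False, "last_expiry": expiry})
            rec["wildcard"] = rec["wildcard"] or wildcard
            rec["last_expiry"] = max(rec["last_expiry"], expiry)
    return hosts


def classify(hostname):
    """Categories whose tokens appear as whole labels or hyphen-parts of the name."""
    tokens = set(hostname.replace("-", ".").split("."))
    return sorted(cat for cat, words in INTERESTING.items() if tokens & set(words))


def flag_hosts(raw_json, domain, today_iso):
    """Return {host: {"categories", "expired", "wildcard"}} for hosts that match
    a category or whose certificates have all expired before `today_iso`."""
    today = datetime.fromisoformat(today_iso)
    flagged = {}
    for host, rec in crtsh_hostnames(raw_json, domain).items():
        cats = classify(host)
        expired = rec["last_expiry"] < today
        if cats or expired:
            flagged[host] = {"categories": cats, "expired": expired,
                             "wildcard": rec["wildcard"]}
    return flagged


if __name__ == "__main__":
    for host, info in sorted(flag_hosts(SAMPLE_CRTSH_JSON, "example.com", "2025-06-01").items()):
        print(f"{host:28} {info}")
```

Token matching on whole labels (rather than substring search) keeps "portal" from firing on every "portals" or "reports" host; widen INTERESTING to your own naming conventions before relying on it.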

Tracked Threat Groups

Group                    | Platform               | Origin      | Targeting
Fatimion Cyber Team      | Telegram @hak994       | Iran        | Infrastructure, Oil & Gas
313 Team                 | Telegram @xX313XxTeam  | Iran        | Government sites
Fattah Cyber             | Telegram @fattah_irili | Iran        | Tech, Media
Handala Hack             | Web                    | Iran (MOIS) | Financial, Defense
Various APT34/MuddyWater | Multiple               | Iran        | Telecom, Energy

Output Options

Flag            | Description
--lang ar       | Arabic only (RTL output)
--lang en       | English only
--lang both     | Bilingual report (default)
--region me     | Middle East focus
--region africa | Africa focus
--region all    | Global (default)

Requirements

  • No API keys required for CT log scanning and Telegram monitoring
  • Optional: Tor for dark web search (service tor start)
  • Python 3.10+ (pre-installed with OpenClaw)

Use Cases

  • 🔒 SOC teams monitoring Arabic-language threat actors
  • 🕵️ OSINT investigators tracking dark web activity
  • 📰 Journalists covering cybersecurity in the Middle East
  • 🎓 Security researchers and students learning Arabic OSINT
  • 🏢 Enterprise security teams with MENA exposure
  • 🌍 Any analyst tracking Iran-linked APT groups globally

Security & Ethics

This skill performs passive OSINT only. All sources are publicly accessible:

  • Telegram public channels (t.me/s/)
  • Certificate Transparency logs (crt.sh)
  • Dark web search engines via Tor (Ahmia, OnionLand)

No active exploitation. No unauthorized scanning.
