← Back to Skills Marketplace
OSINT Daily Brief
by
infectit007
· GitHub ↗
· v1.0.0
· MIT-0
89
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install osint-daily-brief
Description
Generate a daily OSINT intelligence brief on any target — domain, company, IP, person, or keyword — using Tavily web search, WHOIS, DNS recon, and Shodan. De...
Usage Guidance
This appears to be a legitimate OSINT recipe, but metadata and instructions disagree about required credentials. Before installing: (1) insist the publisher update the registry metadata to list TAVILY_API_KEY (and optionally SHODAN_API_KEY) so automated permission checks are accurate; (2) only provide API keys you trust and that are scoped/minimized; (3) verify Tavily and Shodan endpoints and their privacy/retention policies (collected data will be sent to them); (4) be cautious about scheduling automated runs that send reports to external destinations (Telegram example uses an undeclared token); and (5) if you want extra safety, run first in a sandboxed environment or request the author add explicit configuration options and a preview mode that does not exfiltrate results. If the publisher cannot clarify the missing env var declarations and the Telegram delivery details, treat the skill as untrusted.
Capability Analysis
Type: OpenClaw Skill
Name: osint-daily-brief
Version: 1.0.0
The skill is a legitimate OSINT tool designed to generate intelligence reports using Tavily, Shodan, and system utilities like `dig` and `whois`. The Python snippets in SKILL.md use safe subprocess.run calls (passing arguments as a list) to prevent shell injection, and the data flow is restricted to the stated API providers. No indicators of data exfiltration, obfuscation, or malicious intent were identified.
Capability Assessment
Purpose & Capability
The SKILL.md clearly requires a TAVILY_API_KEY (and optionally SHODAN_API_KEY) to function, but the registry metadata lists no required environment variables or primary credential — that mismatch is incoherent. The use of dig/whois/shodan is reasonable for an OSINT brief, but the missing declaration of required credentials is a configuration/metadata problem that affects trust and automated permission checks.
Instruction Scope
Instructions are explicit about calling external APIs (Tavily, Shodan) and running local binaries (dig, whois) via subprocess. Those actions are within expected OSINT scope, but the workflow also demonstrates scheduling reports to Telegram without declaring the Telegram token or how to deliver reports safely, which is an undeclared outbound endpoint/requirement. The code reads environment variables directly (os.environ['TAVILY_API_KEY']) and will fail or crash if missing — the agent could also transmit collected data to the external services it depends on (expected for the function, but important to note).
Install Mechanism
No install spec and no code files beyond SKILL.md — lowest install risk. The SKILL.md notes that dig and whois are required system utilities and suggests apt installs; that is reasonable and transparent. There are no downloads or archive extraction steps.
Credentials
The skill requires at minimum TAVILY_API_KEY (required) and optionally SHODAN_API_KEY, but the registry metadata did not declare these. This mismatch prevents automated reviewers from knowing what secrets will be accessed. The number and type of env vars is itself modest and appropriate for the task, but the lack of declared primaryEnv/required envs is the main issue. The SKILL.md also references potential Tor/SOCKS use and sending to Telegram, but does not declare how those credentials/proxies are supplied.
Persistence & Privilege
always:false and user-invocable:true (defaults) — no elevated persistence requested. The SKILL.md shows how to schedule runs via openclaw cron, which is a user-level action; the skill does not request system modifications or cross-skill config changes. Because the skill can be invoked autonomously by the agent (disable-model-invocation:false, the default), an installed API key could be used by the agent when it decides to run the skill — consider limiting autonomous invocation if you don't trust that behavior.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install osint-daily-brief - After installation, invoke the skill by name or use
/osint-daily-brief - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release. Automated OSINT report using Tavily AI search, DNS recon, WHOIS, and Shodan. Structured daily brief for brand monitoring, competitive intel, and pre-engagement recon.
Metadata
Frequently Asked Questions
What is OSINT Daily Brief?
Generate a daily OSINT intelligence brief on any target — domain, company, IP, person, or keyword — using Tavily web search, WHOIS, DNS recon, and Shodan. De... It is an AI Agent Skill for Claude Code / OpenClaw, with 89 downloads so far.
How do I install OSINT Daily Brief?
Run "/install osint-daily-brief" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OSINT Daily Brief free?
Yes, OSINT Daily Brief is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does OSINT Daily Brief support?
OSINT Daily Brief is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OSINT Daily Brief?
It is built and maintained by infectit007 (@infectit007); the current version is v1.0.0.
More Skills