← Back to Skills Marketplace
1234
Downloads
2
Stars
6
Active Installs
1
Versions
Install in OpenClaw
/install osint-investigator
Description
Deep OSINT (Open Source Intelligence) investigations. Use when the user wants to research, find, or investigate any person, place, organisation, username, do...
Usage Guidance
This skill appears to do what it says (wide-ranging OSINT), but several inconsistencies raise red flags: it expects system tools (whois, dig, exiftool, curl) and multiple API keys but declares none; and its included PDF script will pip-install a package at runtime. Before installing or enabling it: 1) Ask the author for an explicit manifest of required binaries and environment variables (API keys) and why each is needed. 2) If you must run it, do so in a sandboxed environment with restricted network access and no sensitive credentials present. 3) Review the generate_pdf.py script and consider removing or pinning the pip-auto-install behavior (or preinstall fpdf2 in a controlled way). 4) Consider limiting or disabling autonomous invocation until you confirm the exact external services it will call and the credentials it will use. 5) Ensure you have legal authority to perform OSINT on the intended targets and avoid collecting or retaining data you shouldn't.
Capability Analysis
Type: OpenClaw Skill
Name: osint-investigator
Version: 1.0.0
The skill is classified as suspicious due to several high-risk capabilities and potential vulnerabilities, despite its stated benign purpose of OSINT. Key indicators include the extensive use of shell commands (`whois`, `dig`, `curl`, `exiftool`) in `SKILL.md` which, if user input is not properly sanitized by the agent, could lead to shell injection and arbitrary command execution. Additionally, the `scripts/generate_pdf.sh` script attempts to install `fpdf2` using `pip3 install --break-system-packages`, a powerful command that modifies the system Python environment and could be abused if the package name were manipulated. The skill also stores sensitive API keys and user credentials (including passwords for social media platforms) in `config/osint_config.json`, which, while protected by `chmod 600`, still represents a local data exposure risk. There is no evidence of intentional malicious behavior, but these capabilities and vulnerabilities pose significant security risks.
Capability Assessment
Purpose & Capability
The skill claims to run multi-source OSINT (web, social, DNS, image reverse, maps, etc.) which explains many external calls. However, SKILL.md and the code expect system binaries and API keys (whois/dig/nslookup/exiftool/curl, Google Maps API key, HaveIBeenPwned key, Twitch Client-Id, etc.) while the package metadata declares no required binaries or environment variables — a clear mismatch between declared requirements and actual needs.
Instruction Scope
The instructions direct the agent to perform broad network queries across many external services, run system commands (whois, dig, exiftool) and fetch content from many third-party endpoints. They also instruct handling local image files (EXIF extraction) and using API keys when available. The SKILL.md gives the agent broad discretion ('Run ALL applicable modules in parallel. Never stop after one source'), which could cause wide-ranging automated collection and many outbound requests. The skill does not surface or constrain which API keys/credentials it will use or require.
Install Mechanism
There is no formal install spec, but scripts/generate_pdf.sh will attempt to pip-install fpdf2 at runtime (with --break-system-packages fallback and user installs). This causes network package installation from PyPI when the PDF generator runs. No arbitrary URL downloads were found, but automatic pip installs are a moderate operational risk and should be reviewed or run in a controlled environment.
Credentials
The skill's instructions reference multiple external API keys (Google Maps key, HIBP API key, Twitch client id, Gravatar MD5 of emails implying email enumeration, etc.) yet the manifest lists no required environment variables or primary credential. That mismatch is concerning: the skill expects credentials but does not declare or justify them in the package metadata. Additionally, the skill's data-collection scope (potentially personal data, images with EXIF, emails/phone lookups) increases sensitivity.
Persistence & Privilege
The skill does not request permanent/always-on inclusion (always: false) and does not declare modifications to other skills or system-wide settings. It can be invoked autonomously by the agent (default behavior), which is normal for skills; however, given the other concerns, autonomous invocation increases the blast radius and should be considered before enabling.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install osint-investigator - After installation, invoke the skill by name or use
/osint-investigator - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of OSINT Investigator – a comprehensive, multi-source open-source intelligence gathering skill.
- Automatically classifies targets (person, username, domain, IP, organization, etc.) and selects relevant investigation modules.
- Executes deep web, social media, DNS/WHOIS, IP, email, phone, image, map/location, and corporate intelligence searches.
- Sign in options/api keys for (optional)
• Instagram (username + password)
• Twitter/X (Bearer Token — free API v2 tier works)
• LinkedIn (email + password)
• Facebook (email + password)
• Google Maps (API key — geocoding, places, Street View)
• Shodan (API key — deep IP intel)
• HaveIBeenPwned (API key — breach lookups)
• Hunter.io (email discovery)
• AbstractAPI (phone lookup)
- Runs all applicable modules in parallel for thorough results.
- Aggregates and cross-references findings across multiple sources.
- Outputs a structured, actionable intelligence report for any investigated target.
Metadata
Frequently Asked Questions
What is OSINT Investigator?
Deep OSINT (Open Source Intelligence) investigations. Use when the user wants to research, find, or investigate any person, place, organisation, username, do... It is an AI Agent Skill for Claude Code / OpenClaw, with 1234 downloads so far.
How do I install OSINT Investigator?
Run "/install osint-investigator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OSINT Investigator free?
Yes, OSINT Investigator is completely free (open-source). You can download, install and use it at no cost.
Which platforms does OSINT Investigator support?
OSINT Investigator is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created OSINT Investigator?
It is built and maintained by cineglobe (@cineglobe); the current version is v1.0.0.
More Skills