← Back to Skills Marketplace
DeepDive OSINT
by
Sinndarkblade
· GitHub ↗
· v1.0.0
· MIT-0
76
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install deepdive-osint
Description
Autonomous OSINT investigation tool. Give it a name, company, or event — it searches, extracts every entity, and maps connections into an interactive 3D grap...
README (SKILL.md)
DeepDive — Autonomous OSINT Investigation Tool
Autonomous investigation engine that maps connections between people, companies, money, and events into an interactive 3D graph. Built for extended deep investigations — financial fraud, political networks, corporate ownership chains, person background checks, document corpus analysis.
This skill auto-installs the full DeepDive application from GitHub on first run.
First Run — Auto Install
When you invoke this skill, it checks if DeepDive is installed. If not, it clones the repo and installs dependencies automatically:
import sys, os, subprocess
DEEPDIVE_ROOT = None
search_paths = [
'.', './deepdive', '../deepdive',
os.path.expanduser('~/deepdive'),
os.path.expanduser('~/.local/deepdive'),
]
for p in search_paths:
if os.path.exists(os.path.join(p, 'core', 'graph.py')):
DEEPDIVE_ROOT = os.path.abspath(p)
break
if not DEEPDIVE_ROOT:
print("DeepDive not found — installing from GitHub...")
install_dir = os.path.expanduser('~/deepdive')
subprocess.run(
['git', 'clone', 'https://github.com/Sinndarkblade/deepdive', install_dir],
check=True
)
subprocess.run(
[sys.executable, '-m', 'pip', 'install', '-r',
os.path.join(install_dir, 'requirements.txt')],
check=True
)
DEEPDIVE_ROOT = install_dir
print(f"✓ DeepDive installed at {DEEPDIVE_ROOT}")
sys.path.insert(0, os.path.join(DEEPDIVE_ROOT, 'core'))
sys.path.insert(0, os.path.join(DEEPDIVE_ROOT, 'server'))
sys.path.insert(0, os.path.join(DEEPDIVE_ROOT, 'src'))
from graph import InvestigationGraph, Entity, Connection
from build_board import build_board
print(f"✓ DeepDive ready")
Running the Full Server (Recommended)
For the complete experience — interactive 3D board, live AI agent, file ingestion, timeline, money flow diagrams:
cd ~/deepdive && python3 server/app.py
Then open http://localhost:8766/board and configure your AI provider at http://localhost:8766/settings.
Commands
| Command | What it does |
|---|---|
/deepdive [subject] |
Start a new investigation |
/deepdive expand [entity] |
Dig deeper into a specific entity |
/deepdive expand |
Auto-expand the most connected uninvestigated node |
/deepdive money |
Trace all financial connections |
/deepdive gaps |
Show suspicious missing connections |
/deepdive report |
Full investigation summary |
/deepdive board |
Rebuild and open the 3D board |
Provider Setup
Configure at http://localhost:8766/settings or set in ~/.deepdive/settings.json.
For serious investigations use an API provider — local models miss too many entities on complex subjects:
| Provider | Model | Notes |
|---|---|---|
| DeepSeek | deepseek-chat |
Best value — cheap, strong — https://api.deepseek.com/v1 |
| Groq | llama-3.3-70b-versatile |
Free tier, fast — https://api.groq.com/openai/v1 |
| OpenAI | gpt-4o-mini |
Widely available |
| Ollama | any local model | Offline only, lower quality on large investigations |
/deepdive [subject] — New Investigation
Step 1: Initialize
subject = "THE_SUBJECT"
inv_dir = os.path.join(DEEPDIVE_ROOT, 'investigations', subject.lower().replace(' ', '_'))
os.makedirs(inv_dir, exist_ok=True)
seed = Entity(subject, "unknown", {"source": "user_provided"})
graph = InvestigationGraph(subject, seed)
Step 2: Search 5 Angles
Use WebSearch for ALL 5. Never skip any:
"[subject] connections associates background overview""[subject] funding money investors revenue financial""[subject] leadership employees partners associates""[subject] lawsuit scandal investigation controversy""[subject] location headquarters offices operations"
Step 3: Extract Everything
For EVERY person, company, location, money amount, or event found:
entity = Entity("Exact Name", "type", {"detail": "value", "source": "search"})
entity.depth = 1
graph.add_entity(entity)
graph.add_connection(Connection(seed.id, entity.id, "relationship", confidence))
Types: person · company · location · event · money · document · government · concept
Confidence: 0.9 confirmed · 0.7 reported · 0.4 alleged
Extract everything. If a result mentions 15 names, extract all 15. Every node is a potential expansion point.
Step 4: Detect Patterns
gaps = graph.detect_gaps()
Flag:
- Shell chains — A→B→C→D layered ownership
- Circular money — A pays B pays C pays A
- Missing links — heavily connected entities with no direct connection
- Revolving door — person moves between regulator and regulated
- Cross-links — entity appearing from two independent paths (strongest signal)
graph.findings.append("FINDING: description")
Step 5: Build Board and Save
board_path = os.path.join(inv_dir, 'board_3d.html')
build_board(graph, board_path, 'Investigation: ' + subject, mode='skill')
graph.save(inv_dir)
import subprocess
subprocess.Popen(['xdg-open', board_path], stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
Step 6: Report
Always present:
- Stats — entities, connections, gaps
- Key findings — suspicious or notable patterns
- Entity breakdown — by type
- Top 5 to expand — most connected uninvestigated nodes
- Cross-links — entities appearing from multiple independent paths
/deepdive expand [entity]
# Load most recent investigation
import os
inv_root = os.path.join(DEEPDIVE_ROOT, 'investigations')
inv_dirs = sorted([d for d in os.listdir(inv_root) if os.path.isdir(os.path.join(inv_root, d))])
inv_dir = os.path.join(inv_root, inv_dirs[-1])
json_files = [f for f in os.listdir(inv_dir) if f.endswith('.json')]
graph = InvestigationGraph.load(os.path.join(inv_dir, json_files[0]))
# Find entity
entity_name = "THE_ENTITY"
entity = graph.entities.get(entity_name.lower().strip().replace(" ", "_")) or \
next((e for e in graph.entities.values() if entity_name.lower() in e.name.lower()), None)
Search 3 angles, extract at depth = parent.depth + 1. Always check for cross-links:
if new_entity_id in graph.entities:
graph.findings.append(f"CROSS-LINK: {name} connects to {entity.name} AND already in graph via another path")
graph.add_entity(new_entity)
graph.add_connection(Connection(entity.id, new_entity.id, relationship, confidence))
Mark done, rebuild, save:
graph.mark_investigated(entity.id)
graph.detect_gaps()
build_board(graph, board_path, graph.name, mode='skill')
graph.save(inv_dir)
/deepdive expand (auto)
next_id = graph.get_next_to_investigate()
# then follow expand flow above
Rules
- Extract every entity — more nodes means more discovery potential
- Always follow the money
- Every person, company, and amount gets a node
- Date everything you can
- Score confidence honestly — don't overstate
- Cross-links are the most valuable signal — never skip them
- Save after every expansion
- Rebuild the board after major updates
- Report findings, flag patterns — stay objective
Usage Guidance
This skill will (on first run) clone and pip-install a third-party GitHub repository and create a ~/deepdive directory with investigation data. Before installing, review the GitHub repo and its requirements.txt for malicious or surprising dependencies. If you proceed, run the skill in an isolated environment (VM/container) or use a dedicated Python virtualenv to avoid global pip installs. Do not place sensitive API keys into ~/.deepdive/settings.json or the web UI unless you fully trust the upstream code. Prefer manual installation and code inspection over automatic 'first run' installs; if you need the capability but want lower risk, ask the maintainer for a vetted release or run the tool from a checked-out copy you control.
Capability Analysis
Type: OpenClaw Skill
Name: deepdive-osint
Version: 1.0.0
The skill implements an 'Auto Install' feature in SKILL.md that uses subprocess to execute 'git clone' and 'pip install' from an external GitHub repository (github.com/Sinndarkblade/deepdive). This pattern introduces a significant supply-chain risk by fetching and executing unvetted remote code and dependencies on the host system. While the stated intent is for OSINT investigation, the use of system-level commands to bypass the skill's local scope and launch a local web server (port 8766) constitutes high-risk behavior without clear evidence of immediate malice.
Capability Assessment
Purpose & Capability
Name and description (autonomous OSINT, graphing, web extraction) align with required binaries (python3, git, pip3) and the declared uv package (duckduckgo-search). However, the SKILL.md also instructs an additional automatic git clone + pip install of the 'deepdive' GitHub repo which is not reflected in the registry install spec — a discrepancy worth noting.
Instruction Scope
Runtime instructions tell the agent to clone https://github.com/Sinndarkblade/deepdive and run pip install -r requirements.txt, import and execute code from that repo, start a local server, open local files with xdg-open, and save investigations under ~/deepdive. Those actions reach beyond simple in-skill commands: they download and execute arbitrary remote code and create persistent data on disk.
Install Mechanism
Registry lists only a uv install (duckduckgo-search -> ddgs), but the SKILL.md performs a git clone from GitHub and runs pip to install the repo's requirements. Cloning and pip-installing a third‑party repo on first run is a high-risk install pattern because it executes code pulled from upstream without verification.
Credentials
The skill declares no required env vars, but it uses and writes config at ~/.deepdive/settings.json (not declared) and recommends configuring external AI providers (which would require API keys). The skill's instructions therefore implicitly require storing/using credentials and config files that weren't declared in the metadata.
Persistence & Privilege
always:false and model invocation are normal, but the skill will create ~/deepdive and investigations, and pip-install dependencies into the Python environment. This grants persistent disk presence and can affect the host Python environment (global installs), which is a non-trivial privilege even if not 'always' enabled.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install deepdive-osint - After installation, invoke the skill by name or use
/deepdive-osint - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release. Autonomous OSINT investigation tool — maps connections between people, companies, money and events into an interactive 3D graph. Auto-installs full app from GitHub on first run. Built for deep extended investigations that don't stop at the first layer.
Metadata
Frequently Asked Questions
What is DeepDive OSINT?
Autonomous OSINT investigation tool. Give it a name, company, or event — it searches, extracts every entity, and maps connections into an interactive 3D grap... It is an AI Agent Skill for Claude Code / OpenClaw, with 76 downloads so far.
How do I install DeepDive OSINT?
Run "/install deepdive-osint" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is DeepDive OSINT free?
Yes, DeepDive OSINT is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does DeepDive OSINT support?
DeepDive OSINT is cross-platform and runs anywhere OpenClaw / Claude Code is available (linux, macos, windows).
Who created DeepDive OSINT?
It is built and maintained by Sinndarkblade (@sinndarkblade); the current version is v1.0.0.
More Skills