← Back to Skills Marketplace
Threat Intelligence — التهديدات
by
Kw.Hades- Creative Labs
· GitHub ↗
· v1.0.1
· MIT-0
233
Downloads
0
Stars
1
Active Installs
2
Versions
Install in OpenClaw
/install threat-intel
Description
The only Arabic-first OSINT and threat intelligence skill. Monitor Arabic-language threat actor channels on Telegram, generate bilingual threat reports, sear...
Usage Guidance
This skill appears to implement the OSINT tasks it claims, but there are two practical concerns to decide on before installing:
1) Required host tools: The bundled script calls external binaries (curl and torsocks). The registry says "no required binaries" — verify that your agent environment provides curl and (for dark-web queries) torsocks/Tor, or the darkweb command will fail. If you don't want the agent to run system commands, do not enable exec for this skill.
2) Network & Tor access: The skill will fetch arbitrary remote content (t.me pages, crt.sh JSON, and .onion search engines). If you allow autonomous invocation, the agent can reach those endpoints without further prompts. Consider running the skill only when manually invoked, or sandbox network/Tor access and review onion engine URLs before use.
Additional recommendations:
- Confirm legal/organizational policy for scraping Telegram and querying onion services in your jurisdiction.
- If you want to proceed, run the bundled script locally first to inspect behavior and confirm which binaries are required.
- If you do not want Tor or .onion lookups, avoid using the darkweb command or ensure torsocks is not available to the agent.
Given the metadata/code mismatch (undeclared binary requirements) and the fact the skill makes network/Tor calls when executed, treat it as suspicious until you validate the runtime environment and trust boundaries.
Capability Analysis
Type: OpenClaw Skill
Name: threat-intel
Version: 1.0.1
The skill is a legitimate OSINT tool for monitoring Arabic-language threat intelligence. It uses scripts/run.py to fetch public data from Telegram, crt.sh, and dark web search engines via Tor. The code uses subprocess.run safely with argument lists to prevent shell injection, and the SKILL.md instructions are consistent with the stated purpose of passive reconnaissance and threat reporting without any evidence of malicious intent or data exfiltration.
Capability Assessment
Purpose & Capability
The skill name/description (Arabic-first OSINT: Telegram scraping, CT logs, Tor dark-web search) matches what the code does. However the package metadata declares no required binaries while the included script clearly invokes external programs (curl and torsocks). That mismatch is unexpected and should be clarified.
Instruction Scope
SKILL.md and scripts/run.py stay within passive OSINT: fetching public Telegram pages, querying crt.sh, and using Tor to query .onion search engines. The instructions do not ask the agent to read arbitrary local files or environment secrets. They do require the agent to run networked commands (curl/torsocks), which is consistent with the stated purpose but is an execution privilege to be aware of.
Install Mechanism
No install spec or external downloads are used; this is instruction-only plus a bundled Python script. Nothing in the manifest writes arbitrary remote code to disk at install time.
Credentials
The skill requests no environment variables or credentials, which matches the code (it uses public endpoints). There are no hidden secret accesses in the files. The only external dependencies are binaries (curl, optionally torsocks) which are not declared in the registry metadata.
Persistence & Privilege
always is false and the skill does not request persistent/privileged platform presence. It uses subprocess execution at runtime (normal for this kind of tool). Autonomous invocation is enabled by default (normal) — combine that with the exec capability only if you trust the skill.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install threat-intel - After installation, invoke the skill by name or use
/threat-intel - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Added LICENSE file to the project.
- No feature or functionality changes; legal licensing information included.
v1.0.0
1.0.0 — 2026-03-18 — initial release
Metadata
Frequently Asked Questions
What is Threat Intelligence — التهديدات?
The only Arabic-first OSINT and threat intelligence skill. Monitor Arabic-language threat actor channels on Telegram, generate bilingual threat reports, sear... It is an AI Agent Skill for Claude Code / OpenClaw, with 233 downloads so far.
How do I install Threat Intelligence — التهديدات?
Run "/install threat-intel" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Threat Intelligence — التهديدات free?
Yes, Threat Intelligence — التهديدات is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Threat Intelligence — التهديدات support?
Threat Intelligence — التهديدات is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Threat Intelligence — التهديدات?
It is built and maintained by Kw.Hades- Creative Labs (@abdullah944); the current version is v1.0.1.
More Skills