← 返回 Skills 市场
OSINT Daily Brief
作者
infectit007
· GitHub ↗
· v1.0.0
· MIT-0
89
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install osint-daily-brief
功能描述
Generate a daily OSINT intelligence brief on any target — domain, company, IP, person, or keyword — using Tavily web search, WHOIS, DNS recon, and Shodan. De...
安全使用建议
This appears to be a legitimate OSINT recipe, but metadata and instructions disagree about required credentials. Before installing: (1) insist the publisher update the registry metadata to list TAVILY_API_KEY (and optionally SHODAN_API_KEY) so automated permission checks are accurate; (2) only provide API keys you trust and that are scoped/minimized; (3) verify Tavily and Shodan endpoints and their privacy/retention policies (collected data will be sent to them); (4) be cautious about scheduling automated runs that send reports to external destinations (Telegram example uses an undeclared token); and (5) if you want extra safety, run first in a sandboxed environment or request the author add explicit configuration options and a preview mode that does not exfiltrate results. If the publisher cannot clarify the missing env var declarations and the Telegram delivery details, treat the skill as untrusted.
功能分析
Type: OpenClaw Skill
Name: osint-daily-brief
Version: 1.0.0
The skill is a legitimate OSINT tool designed to generate intelligence reports using Tavily, Shodan, and system utilities like `dig` and `whois`. The Python snippets in SKILL.md use safe subprocess.run calls (passing arguments as a list) to prevent shell injection, and the data flow is restricted to the stated API providers. No indicators of data exfiltration, obfuscation, or malicious intent were identified.
能力评估
Purpose & Capability
The SKILL.md clearly requires a TAVILY_API_KEY (and optionally SHODAN_API_KEY) to function, but the registry metadata lists no required environment variables or primary credential — that mismatch is incoherent. The use of dig/whois/shodan is reasonable for an OSINT brief, but the missing declaration of required credentials is a configuration/metadata problem that affects trust and automated permission checks.
Instruction Scope
Instructions are explicit about calling external APIs (Tavily, Shodan) and running local binaries (dig, whois) via subprocess. Those actions are within expected OSINT scope, but the workflow also demonstrates scheduling reports to Telegram without declaring the Telegram token or how to deliver reports safely, which is an undeclared outbound endpoint/requirement. The code reads environment variables directly (os.environ['TAVILY_API_KEY']) and will fail or crash if missing — the agent could also transmit collected data to the external services it depends on (expected for the function, but important to note).
Install Mechanism
No install spec and no code files beyond SKILL.md — lowest install risk. The SKILL.md notes that dig and whois are required system utilities and suggests apt installs; that is reasonable and transparent. There are no downloads or archive extraction steps.
Credentials
The skill requires at minimum TAVILY_API_KEY (required) and optionally SHODAN_API_KEY, but the registry metadata did not declare these. This mismatch prevents automated reviewers from knowing what secrets will be accessed. The number and type of env vars is itself modest and appropriate for the task, but the lack of declared primaryEnv/required envs is the main issue. The SKILL.md also references potential Tor/SOCKS use and sending to Telegram, but does not declare how those credentials/proxies are supplied.
Persistence & Privilege
always:false and user-invocable:true (defaults) — no elevated persistence requested. The SKILL.md shows how to schedule runs via openclaw cron, which is a user-level action; the skill does not request system modifications or cross-skill config changes. Because the skill can be invoked autonomously by the agent (disable-model-invocation:false, the default), an installed API key could be used by the agent when it decides to run the skill — consider limiting autonomous invocation if you don't trust that behavior.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install osint-daily-brief - 安装完成后,直接呼叫该 Skill 的名称或使用
/osint-daily-brief触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release. Automated OSINT report using Tavily AI search, DNS recon, WHOIS, and Shodan. Structured daily brief for brand monitoring, competitive intel, and pre-engagement recon.
元数据
常见问题
OSINT Daily Brief 是什么?
Generate a daily OSINT intelligence brief on any target — domain, company, IP, person, or keyword — using Tavily web search, WHOIS, DNS recon, and Shodan. De... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 89 次。
如何安装 OSINT Daily Brief?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install osint-daily-brief」即可一键安装,无需额外配置。
OSINT Daily Brief 是免费的吗?
是的,OSINT Daily Brief 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
OSINT Daily Brief 支持哪些平台?
OSINT Daily Brief 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 OSINT Daily Brief?
由 infectit007(@infectit007)开发并维护,当前版本 v1.0.0。
推荐 Skills