{ "schemaVersion": "1.0", "item": { "slug": "osint-investigator", "name": "OSINT Investigator", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/cineglobe/osint-investigator", "canonicalUrl": "https://clawhub.ai/cineglobe/osint-investigator", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/osint-investigator", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=osint-investigator", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "config/osint_config.json", "references/social-platforms.md", "references/osint-sources.md", "scripts/generate_pdf.sh", "scripts/generate_pdf.py", "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/osint-investigator" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/osint-investigator", "agentPageUrl": "https://openagent3.xyz/skills/osint-investigator/agent", "manifestUrl": "https://openagent3.xyz/skills/osint-investigator/agent.json", "briefUrl": "https://openagent3.xyz/skills/osint-investigator/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "OSINT Investigator", "body": "Multi-source open-source intelligence gathering. Identify target type, run all applicable modules, then produce a structured report." }, { "title": "Target Classification", "body": "Before running any module, classify the target:\n\nPerson (real name, alias, face) → modules: social, web, image, username\nUsername / Handle → modules: username, social, web\nDomain / Website → modules: dns, whois, web, social\nIP Address → modules: ip, dns, web\nOrganisation / Company → modules: web, social, dns, maps, corporate\nPhone Number → modules: phone, web, social\nEmail Address → modules: email, web, social\nLocation / Address → modules: maps, web, social, geo\nImage / Photo → modules: image, reverse\nObject / Asset → modules: web, image, social\n\nRun ALL applicable modules in parallel. Never stop after one source." }, { "title": "🌐 Web Search (web_search tool)", "body": "Run at minimum 5–8 targeted queries per target. Vary operators:\n\n\"full name\" site:linkedin.com\n\"username\" -site:twitter.com\ntarget filetype:pdf\ntarget inurl:profile\n\"target\" \"email\" OR \"contact\" OR \"phone\"\ntarget site:reddit.com\ntarget site:github.com\n\nFollow top URLs with web_fetch to extract full content." }, { "title": "🔗 DNS / WHOIS", "body": "whois \ndig ANY\ndig MX\ndig TXT\nnslookup \nhost \n\nAlso fetch: https://rdap.org/domain/ via web_fetch" }, { "title": "🌍 IP Intelligence", "body": "curl -s https://ipinfo.io//json\ncurl -s https://ip-api.com/json/\n\nAlso check: https://www.shodan.io/host/ via web_fetch" }, { "title": "📱 Username Search", "body": "Check all platforms via web_fetch (just check HTTP status + page title — don't need to load full content for existence checks):\n\nhttps://github.com/\nhttps://twitter.com/\nhttps://instagram.com/\nhttps://reddit.com/user/\nhttps://tiktok.com/@\nhttps://youtube.com/@\nhttps://linkedin.com/in/\nhttps://medium.com/@\nhttps://pinterest.com/\nhttps://twitch.tv/\nhttps://steamcommunity.com/id/\nhttps://keybase.io/\nhttps://t.me/ (Telegram)" }, { "title": "🐦 Social Media Deep Dive", "body": "For each confirmed platform profile, use web_fetch to extract:\n\nBio / description\nProfile photo URL\nFollower/following counts\nJoin date\nLocation (if listed)\nLinks in bio\nPinned posts / recent activity\n\nFor Twitter/X: also search web_search for site:twitter.com \"\" and nitter mirrors." }, { "title": "🗺️ Maps & Location", "body": "# Use web_fetch or browser for:\n# Google Maps search\nhttps://maps.googleapis.com/maps/api/geocode/json?address=
&key=\n# Or use goplaces skill if available\n# Streetview metadata check\nhttps://maps.googleapis.com/maps/api/streetview/metadata?location=&key=\n\nAlso search: web_search for \"\" site:maps.google.com OR site:wikimapia.org OR site:openstreetmap.org" }, { "title": "🖼️ Image Search & Reverse Image Search", "body": "Finding images of a person (no image provided):\n\nSearch for profile photos on all confirmed social profiles — extract direct image URLs from page source or og:image meta tags\nRun web_search for \"\" site:linkedin.com — LinkedIn og:image often returns profile photo URL directly\nCheck Gravatar: compute MD5 of likely email addresses → https://www.gravatar.com/.json\nSearch news/press: web_search for \"\" filetype:jpg OR filetype:png\nUse web_fetch to pull og:image from any confirmed profile pages\n\nReverse image search (image URL or local file provided):\n\n# Direct URL-based reverse search (use web_fetch):\nhttps://yandex.com/images/search?rpt=imageview&url=\nhttps://tineye.com/search?url=\n\n# Google Lens (requires browser tool):\nhttps://lens.google.com/uploadbyurl?url=\n\n# For avatars and profile images — extract URL then feed into:\n# 1. Yandex (best for face matching, indexes more than Google)\n# 2. TinEye (exact match/copy detection)\n# 3. Google Lens via browser tool\n\nEXIF / Metadata extraction (if file is available locally):\n\nexiftool # full metadata dump\nexiftool -gps:all # GPS coordinates only\nexiftool -DateTimeOriginal # when photo was taken\n\nOnline tools: web_fetch https://www.metadata2go.com or https://www.pic2map.com\n\nPhoto geolocation (no EXIF GPS):\n\nStreet signs, shop names, vehicle plates → web_search to identify region\nArchitecture / vegetation / road markings → narrow country/region\nSun angle + shadow direction → https://www.suncalc.org to estimate time & location\nCross-reference with Google Street View via browser tool\n\nWhen searching for a person by image from social media:\n\nweb_fetch the profile page and look for og:image or src in the rendered HTML\nExtract the full CDN image URL\nFeed to Yandex imageview and TinEye\nNote: Instagram/Facebook CDN URLs expire — use Yandex cache or download first" }, { "title": "📧 Email Intelligence", "body": "# Breach/exposure check\ncurl -s \"https://haveibeenpwned.com/api/v3/breachedaccount/\" -H \"hibp-api-key: \"\n# Format validation + domain MX check\ndig $(echo | cut -d@ -f2) MX\n# Gravatar (hashed MD5 of email)\ncurl -s \"https://www.gravatar.com/.json\"\n\nAlso: web_search for \"\" site:pastebin.com OR site:ghostbin.com" }, { "title": "📞 Phone Intelligence", "body": "# Carrier / region lookup\ncurl -s \"https://phonevalidation.abstractapi.com/v1/?api_key=&phone=\"\n\nAlso: web_search for \"\" and check site:truecaller.com, site:whitepages.com" }, { "title": "🏢 Corporate / Organisation", "body": "Use web_fetch on:\n\nhttps://opencorporates.com/companies?q=\nCompanies House (UK): https://find-and-update.company-information.service.gov.uk/search?q=\nLinkedIn company page: https://linkedin.com/company/\nCrunchbase: web_search for site:crunchbase.com \"\"" }, { "title": "📄 Document & Data Leaks", "body": "web_search queries:\n\"\" filetype:pdf OR filetype:xlsx OR filetype:docx\n\"\" site:pastebin.com\n\"\" site:github.com password OR secret OR key\n\"\" site:trello.com OR site:notion.so" }, { "title": "🔍 Cache & Archive", "body": "# Wayback Machine\ncurl -s \"https://archive.org/wayback/available?url=\"\nweb_fetch \"https://web.archive.org/web/*/\" for snapshots\n# Google Cache via web_search: cache:" }, { "title": "Investigation Workflow", "body": "Classify the target type\nPlan — list all modules to run\nExecute all modules (parallelise where possible using multiple tool calls)\nCorrelate — cross-reference findings across sources, note consistencies and conflicts\nReport — structured output (see below)" }, { "title": "Report Format", "body": "Always produce a structured report. Adapt sections to what was found:\n\n# OSINT Report: \n**Date:** \n**Target Type:** \n**Query:** \n\n## Identity Summary\n[Key identifying information — name, aliases, age, location, nationality]\n\n## Online Presence\n[Confirmed profiles with URLs, follower counts, activity level]\n\n## Contact & Technical\n[Email addresses, phone numbers, domains, IPs]\n\n## Location Intelligence\n[Known locations, addresses, coordinates, map links]\n\n## Corporate / Organisational Links\n[Companies, roles, affiliations]\n\n## Historical Data\n[Archived content, old usernames, past locations]\n\n## Document & Data Exposure\n[Public documents, paste sites, leak mentions]\n\n## Image Intelligence\n[Profile photos, reverse image results, photo metadata]\n\n## Confidence & Gaps\n[Confidence level per finding — High/Medium/Low; list gaps]\n\n## Sources\n[All URLs consulted]" }, { "title": "Configuration & Authentication", "body": "Config is stored at: /config/osint_config.json (chmod 600, auto-created on first save).\n\nThe agent configures everything conversationally — no terminal script needed. When the user says they want to add credentials, configure PDF output, or set up an API key, follow the flow below." }, { "title": "Conversational Config Flow", "body": "When the user wants to configure the skill, ask them questions directly in chat and write the answers to the config file yourself using the write tool.\n\nStep 1 — Ask what they want to configure:\n\n\"What would you like to set up? I can configure:\n\nPlatform credentials (Instagram, Twitter/X, LinkedIn, Facebook)\nAPI keys (Google Maps, Shodan, HaveIBeenPwned, Hunter.io, AbstractAPI Phone)\nPDF report output (on/off, save location)\"\n\nStep 2 — Collect the values (ask one platform at a time):\n\nFor API keys: ask them to paste the key directly in chat\nFor passwords: warn them the value will be stored in a local JSON file, then ask\nFor output settings: ask yes/no / provide a path\n\nStep 3 — Write the config:\n\n# Read existing config (or start fresh)\nimport json, os\ncfg_path = \"/config/osint_config.json\"\nos.makedirs(os.path.dirname(cfg_path), exist_ok=True)\ncfg = json.load(open(cfg_path)) if os.path.exists(cfg_path) else {\"platforms\": {}, \"output\": {}}\n\n# Example: save Twitter bearer token\ncfg[\"platforms\"][\"twitter\"] = {\"configured\": True, \"method\": \"api_key\", \"bearer_token\": \"\"}\n\n# Example: enable PDF\ncfg[\"output\"][\"pdf_enabled\"] = True\ncfg[\"output\"][\"pdf_output_dir\"] = \"~/Desktop\"\n\n# Write back\nwith open(cfg_path, \"w\") as f:\n json.dump(cfg, f, indent=2)\nos.chmod(cfg_path, 0o600)\n\nUse the write tool directly — no need to run Python." }, { "title": "Supported Platform Integrations", "body": "PlatformFieldsWhat It UnlocksInstagramusername, passwordProfile content behind login wall — use a burner accountTwitter/Xbearer_token (+ optional api_key, api_secret)Full tweet/profile/search via API v2 (free tier works)LinkedInusername (email), passwordProfile scraping — use sparingly, heavily rate-limitedFacebookemail, passwordPublic profile/group contentGoogle Mapsapi_keyGeocoding, Place Search, Street View metadataShodanapi_keyDeep IP/host intelligenceHaveIBeenPwnedapi_keyEmail breach lookups ($3.95/mo at haveibeenpwned.com/API/Key)Hunter.ioapi_keyEmail discovery by domain (free: 25 req/mo at hunter.io/api-keys)AbstractAPI Phoneapi_keyPhone carrier/region lookup (app.abstractapi.com/api/phone-validation)" }, { "title": "Reading Credentials During a Search", "body": "# Read config and extract a value in one line:\nBEARER=$(python3 -c \"import json; c=json.load(open('/config/osint_config.json')); print(c['platforms']['twitter']['bearer_token'])\")\n\n# Then use it:\ncurl -s -H \"Authorization: Bearer $BEARER\" \\\n \"https://api.twitter.com/2/users/by/username/?user.fields=description,location,created_at,public_metrics\"" }, { "title": "Twitter/X API v2 (when configured)", "body": "# Profile lookup\ncurl -s -H \"Authorization: Bearer $BEARER\" \\\n \"https://api.twitter.com/2/users/by/username/?user.fields=description,location,created_at,public_metrics,entities\"\n\n# Recent tweets\ncurl -s -H \"Authorization: Bearer $BEARER\" \\\n \"https://api.twitter.com/2/users//tweets?max_results=10&tweet.fields=created_at,geo,entities\"\n\n# Search recent tweets\ncurl -s -H \"Authorization: Bearer $BEARER\" \\\n \"https://api.twitter.com/2/tweets/search/recent?query=&max_results=10\"" }, { "title": "Shodan API (when configured)", "body": "curl -s \"https://api.shodan.io/shodan/host/?key=$SHODAN_KEY\"\ncurl -s \"https://api.shodan.io/dns/resolve?hostnames=&key=$SHODAN_KEY\"" }, { "title": "Hunter.io API (when configured)", "body": "curl -s \"https://api.hunter.io/v2/domain-search?domain=&api_key=$HUNTER_KEY\"\ncurl -s \"https://api.hunter.io/v2/email-verifier?email=&api_key=$HUNTER_KEY\"" }, { "title": "HaveIBeenPwned API (when configured)", "body": "curl -s \"https://haveibeenpwned.com/api/v3/breachedaccount/\" \\\n -H \"hibp-api-key: $HIBP_KEY\" -H \"User-Agent: osint-investigator\"" }, { "title": "Google Maps API (when configured)", "body": "curl -s \"https://maps.googleapis.com/maps/api/geocode/json?address=
&key=$GMAPS_KEY\"\ncurl -s \"https://maps.googleapis.com/maps/api/place/textsearch/json?query=&key=$GMAPS_KEY\"\ncurl -s \"https://maps.googleapis.com/maps/api/streetview/metadata?location=&key=$GMAPS_KEY\"" }, { "title": "Check if PDF is enabled", "body": "python3 -c \"import json; c=json.load(open('/config/osint_config.json')); print(c.get('output',{}).get('pdf_enabled', False))\"" }, { "title": "Generate a PDF", "body": "Write the markdown report to a temp file, then run the shell wrapper (self-installs fpdf2 if missing):\n\ncat > /tmp/osint_report.md << 'ENDREPORT'\n\nENDREPORT\n\nbash /scripts/generate_pdf.sh \\\n --input /tmp/osint_report.md \\\n --target \"Target Name\" \\\n --output ~/Desktop\n\nThe wrapper (generate_pdf.sh) will:\n\nCheck if fpdf2 is installed — install it automatically if not\nCall generate_pdf.py with the same arguments\nPrint the output path: PDF saved: /path/to/OSINT_Name_20260225_1035.pdf\n\nNo setup needed by the user — works on any machine with Python 3 + pip." }, { "title": "PDF confidence colour coding", "body": "Confidence is detected automatically from the text of each section/paragraph/table row — just include the word in your report and the PDF will colour-code it:\n\n🟢 GREEN [HIGH] — verified from multiple reliable sources\n🟠 ORANGE [MED] — likely correct, single or unverified source\n🔴 RED [LOW] — possible match, little corroborating evidence\n⚪ GREY [UNVERIFIED] — user-provided context, not independently confirmed" }, { "title": "Toggling PDF output via conversation", "body": "When the user says \"turn on PDF reports\" or \"disable PDF output\":\n\nRead the config file\nUpdate cfg[\"output\"][\"pdf_enabled\"] to true or false\nWrite it back\nConfirm to the user" }, { "title": "Ethics & Legality", "body": "Only use publicly available data — never attempt to access private systems\nDo not aggregate data in ways designed to facilitate stalking or harassment\nRespect robots.txt in spirit; use cached/archive versions where direct scraping is blocked\nIf the target is clearly a private individual being investigated without consent, flag this before proceeding\nInstagram/LinkedIn/Facebook credentials: always recommend a burner/alt account — never the user's personal accounts" }, { "title": "Reference Files", "body": "references/osint-sources.md — curated OSINT databases, APIs, and search operators by category\nreferences/social-platforms.md — platform-specific extraction tips and URL patterns\nscripts/generate_pdf.py — PDF generator (requires fpdf2, auto-installed via shell wrapper)\nscripts/generate_pdf.sh — shell wrapper; self-installs fpdf2, then calls generate_pdf.py\nconfig/osint_config.json — live config (auto-created on first write, chmod 600)" } ], "body": "OSINT Investigator\n\nMulti-source open-source intelligence gathering. Identify target type, run all applicable modules, then produce a structured report.\n\nTarget Classification\n\nBefore running any module, classify the target:\n\nPerson (real name, alias, face) → modules: social, web, image, username\nUsername / Handle → modules: username, social, web\nDomain / Website → modules: dns, whois, web, social\nIP Address → modules: ip, dns, web\nOrganisation / Company → modules: web, social, dns, maps, corporate\nPhone Number → modules: phone, web, social\nEmail Address → modules: email, web, social\nLocation / Address → modules: maps, web, social, geo\nImage / Photo → modules: image, reverse\nObject / Asset → modules: web, image, social\n\nRun ALL applicable modules in parallel. Never stop after one source.\n\nModule Playbook\n🌐 Web Search (web_search tool)\n\nRun at minimum 5–8 targeted queries per target. Vary operators:\n\n\"full name\" site:linkedin.com\n\"username\" -site:twitter.com\ntarget filetype:pdf\ntarget inurl:profile\n\"target\" \"email\" OR \"contact\" OR \"phone\"\ntarget site:reddit.com\ntarget site:github.com\n\n\nFollow top URLs with web_fetch to extract full content.\n\n🔗 DNS / WHOIS\nwhois \ndig ANY\ndig MX\ndig TXT\nnslookup \nhost \n\n\nAlso fetch: https://rdap.org/domain/ via web_fetch\n\n🌍 IP Intelligence\ncurl -s https://ipinfo.io//json\ncurl -s https://ip-api.com/json/\n\n\nAlso check: https://www.shodan.io/host/ via web_fetch\n\n📱 Username Search\n\nCheck all platforms via web_fetch (just check HTTP status + page title — don't need to load full content for existence checks):\n\nhttps://github.com/\nhttps://twitter.com/\nhttps://instagram.com/\nhttps://reddit.com/user/\nhttps://tiktok.com/@\nhttps://youtube.com/@\nhttps://linkedin.com/in/\nhttps://medium.com/@\nhttps://pinterest.com/\nhttps://twitch.tv/\nhttps://steamcommunity.com/id/\nhttps://keybase.io/\nhttps://t.me/ (Telegram)\n🐦 Social Media Deep Dive\n\nFor each confirmed platform profile, use web_fetch to extract:\n\nBio / description\nProfile photo URL\nFollower/following counts\nJoin date\nLocation (if listed)\nLinks in bio\nPinned posts / recent activity\n\nFor Twitter/X: also search web_search for site:twitter.com \"\" and nitter mirrors.\n\n🗺️ Maps & Location\n# Use web_fetch or browser for:\n# Google Maps search\nhttps://maps.googleapis.com/maps/api/geocode/json?address=
&key=\n# Or use goplaces skill if available\n# Streetview metadata check\nhttps://maps.googleapis.com/maps/api/streetview/metadata?location=&key=\n\n\nAlso search: web_search for \"\" site:maps.google.com OR site:wikimapia.org OR site:openstreetmap.org\n\n🖼️ Image Search & Reverse Image Search\n\nFinding images of a person (no image provided):\n\nSearch for profile photos on all confirmed social profiles — extract direct image URLs from page source or og:image meta tags\nRun web_search for \"\" site:linkedin.com — LinkedIn og:image often returns profile photo URL directly\nCheck Gravatar: compute MD5 of likely email addresses → https://www.gravatar.com/.json\nSearch news/press: web_search for \"\" filetype:jpg OR filetype:png\nUse web_fetch to pull og:image from any confirmed profile pages\n\nReverse image search (image URL or local file provided):\n\n# Direct URL-based reverse search (use web_fetch):\nhttps://yandex.com/images/search?rpt=imageview&url=\nhttps://tineye.com/search?url=\n\n# Google Lens (requires browser tool):\nhttps://lens.google.com/uploadbyurl?url=\n\n# For avatars and profile images — extract URL then feed into:\n# 1. Yandex (best for face matching, indexes more than Google)\n# 2. TinEye (exact match/copy detection)\n# 3. Google Lens via browser tool\n\n\nEXIF / Metadata extraction (if file is available locally):\n\nexiftool # full metadata dump\nexiftool -gps:all # GPS coordinates only\nexiftool -DateTimeOriginal # when photo was taken\n\n\nOnline tools: web_fetch https://www.metadata2go.com or https://www.pic2map.com\n\nPhoto geolocation (no EXIF GPS):\n\nStreet signs, shop names, vehicle plates → web_search to identify region\nArchitecture / vegetation / road markings → narrow country/region\nSun angle + shadow direction → https://www.suncalc.org to estimate time & location\nCross-reference with Google Street View via browser tool\n\nWhen searching for a person by image from social media:\n\nweb_fetch the profile page and look for og:image or src in the rendered HTML\nExtract the full CDN image URL\nFeed to Yandex imageview and TinEye\nNote: Instagram/Facebook CDN URLs expire — use Yandex cache or download first\n📧 Email Intelligence\n# Breach/exposure check\ncurl -s \"https://haveibeenpwned.com/api/v3/breachedaccount/\" -H \"hibp-api-key: \"\n# Format validation + domain MX check\ndig $(echo | cut -d@ -f2) MX\n# Gravatar (hashed MD5 of email)\ncurl -s \"https://www.gravatar.com/.json\"\n\n\nAlso: web_search for \"\" site:pastebin.com OR site:ghostbin.com\n\n📞 Phone Intelligence\n# Carrier / region lookup\ncurl -s \"https://phonevalidation.abstractapi.com/v1/?api_key=&phone=\"\n\n\nAlso: web_search for \"\" and check site:truecaller.com, site:whitepages.com\n\n🏢 Corporate / Organisation\n\nUse web_fetch on:\n\nhttps://opencorporates.com/companies?q=\nCompanies House (UK): https://find-and-update.company-information.service.gov.uk/search?q=\nLinkedIn company page: https://linkedin.com/company/\nCrunchbase: web_search for site:crunchbase.com \"\"\n📄 Document & Data Leaks\nweb_search queries:\n\"\" filetype:pdf OR filetype:xlsx OR filetype:docx\n\"\" site:pastebin.com\n\"\" site:github.com password OR secret OR key\n\"\" site:trello.com OR site:notion.so\n\n🔍 Cache & Archive\n# Wayback Machine\ncurl -s \"https://archive.org/wayback/available?url=\"\nweb_fetch \"https://web.archive.org/web/*/\" for snapshots\n# Google Cache via web_search: cache:\n\nInvestigation Workflow\nClassify the target type\nPlan — list all modules to run\nExecute all modules (parallelise where possible using multiple tool calls)\nCorrelate — cross-reference findings across sources, note consistencies and conflicts\nReport — structured output (see below)\nReport Format\n\nAlways produce a structured report. Adapt sections to what was found:\n\n# OSINT Report: \n**Date:** \n**Target Type:** \n**Query:** \n\n## Identity Summary\n[Key identifying information — name, aliases, age, location, nationality]\n\n## Online Presence\n[Confirmed profiles with URLs, follower counts, activity level]\n\n## Contact & Technical\n[Email addresses, phone numbers, domains, IPs]\n\n## Location Intelligence\n[Known locations, addresses, coordinates, map links]\n\n## Corporate / Organisational Links\n[Companies, roles, affiliations]\n\n## Historical Data\n[Archived content, old usernames, past locations]\n\n## Document & Data Exposure\n[Public documents, paste sites, leak mentions]\n\n## Image Intelligence\n[Profile photos, reverse image results, photo metadata]\n\n## Confidence & Gaps\n[Confidence level per finding — High/Medium/Low; list gaps]\n\n## Sources\n[All URLs consulted]\n\nConfiguration & Authentication\n\nConfig is stored at: /config/osint_config.json (chmod 600, auto-created on first save).\n\nThe agent configures everything conversationally — no terminal script needed. When the user says they want to add credentials, configure PDF output, or set up an API key, follow the flow below.\n\nConversational Config Flow\n\nWhen the user wants to configure the skill, ask them questions directly in chat and write the answers to the config file yourself using the write tool.\n\nStep 1 — Ask what they want to configure:\n\n\"What would you like to set up? I can configure:\n\nPlatform credentials (Instagram, Twitter/X, LinkedIn, Facebook)\nAPI keys (Google Maps, Shodan, HaveIBeenPwned, Hunter.io, AbstractAPI Phone)\nPDF report output (on/off, save location)\"\n\nStep 2 — Collect the values (ask one platform at a time):\n\nFor API keys: ask them to paste the key directly in chat\nFor passwords: warn them the value will be stored in a local JSON file, then ask\nFor output settings: ask yes/no / provide a path\n\nStep 3 — Write the config:\n\n# Read existing config (or start fresh)\nimport json, os\ncfg_path = \"/config/osint_config.json\"\nos.makedirs(os.path.dirname(cfg_path), exist_ok=True)\ncfg = json.load(open(cfg_path)) if os.path.exists(cfg_path) else {\"platforms\": {}, \"output\": {}}\n\n# Example: save Twitter bearer token\ncfg[\"platforms\"][\"twitter\"] = {\"configured\": True, \"method\": \"api_key\", \"bearer_token\": \"\"}\n\n# Example: enable PDF\ncfg[\"output\"][\"pdf_enabled\"] = True\ncfg[\"output\"][\"pdf_output_dir\"] = \"~/Desktop\"\n\n# Write back\nwith open(cfg_path, \"w\") as f:\n json.dump(cfg, f, indent=2)\nos.chmod(cfg_path, 0o600)\n\n\nUse the write tool directly — no need to run Python.\n\nSupported Platform Integrations\nPlatform\tFields\tWhat It Unlocks\nInstagram\tusername, password\tProfile content behind login wall — use a burner account\nTwitter/X\tbearer_token (+ optional api_key, api_secret)\tFull tweet/profile/search via API v2 (free tier works)\nLinkedIn\tusername (email), password\tProfile scraping — use sparingly, heavily rate-limited\nFacebook\temail, password\tPublic profile/group content\nGoogle Maps\tapi_key\tGeocoding, Place Search, Street View metadata\nShodan\tapi_key\tDeep IP/host intelligence\nHaveIBeenPwned\tapi_key\tEmail breach lookups ($3.95/mo at haveibeenpwned.com/API/Key)\nHunter.io\tapi_key\tEmail discovery by domain (free: 25 req/mo at hunter.io/api-keys)\nAbstractAPI Phone\tapi_key\tPhone carrier/region lookup (app.abstractapi.com/api/phone-validation)\nReading Credentials During a Search\n# Read config and extract a value in one line:\nBEARER=$(python3 -c \"import json; c=json.load(open('/config/osint_config.json')); print(c['platforms']['twitter']['bearer_token'])\")\n\n# Then use it:\ncurl -s -H \"Authorization: Bearer $BEARER\" \\\n \"https://api.twitter.com/2/users/by/username/?user.fields=description,location,created_at,public_metrics\"\n\nTwitter/X API v2 (when configured)\n# Profile lookup\ncurl -s -H \"Authorization: Bearer $BEARER\" \\\n \"https://api.twitter.com/2/users/by/username/?user.fields=description,location,created_at,public_metrics,entities\"\n\n# Recent tweets\ncurl -s -H \"Authorization: Bearer $BEARER\" \\\n \"https://api.twitter.com/2/users//tweets?max_results=10&tweet.fields=created_at,geo,entities\"\n\n# Search recent tweets\ncurl -s -H \"Authorization: Bearer $BEARER\" \\\n \"https://api.twitter.com/2/tweets/search/recent?query=&max_results=10\"\n\nShodan API (when configured)\ncurl -s \"https://api.shodan.io/shodan/host/?key=$SHODAN_KEY\"\ncurl -s \"https://api.shodan.io/dns/resolve?hostnames=&key=$SHODAN_KEY\"\n\nHunter.io API (when configured)\ncurl -s \"https://api.hunter.io/v2/domain-search?domain=&api_key=$HUNTER_KEY\"\ncurl -s \"https://api.hunter.io/v2/email-verifier?email=&api_key=$HUNTER_KEY\"\n\nHaveIBeenPwned API (when configured)\ncurl -s \"https://haveibeenpwned.com/api/v3/breachedaccount/\" \\\n -H \"hibp-api-key: $HIBP_KEY\" -H \"User-Agent: osint-investigator\"\n\nGoogle Maps API (when configured)\ncurl -s \"https://maps.googleapis.com/maps/api/geocode/json?address=
&key=$GMAPS_KEY\"\ncurl -s \"https://maps.googleapis.com/maps/api/place/textsearch/json?query=&key=$GMAPS_KEY\"\ncurl -s \"https://maps.googleapis.com/maps/api/streetview/metadata?location=&key=$GMAPS_KEY\"\n\nPDF Report Generation\nCheck if PDF is enabled\npython3 -c \"import json; c=json.load(open('/config/osint_config.json')); print(c.get('output',{}).get('pdf_enabled', False))\"\n\nGenerate a PDF\n\nWrite the markdown report to a temp file, then run the shell wrapper (self-installs fpdf2 if missing):\n\ncat > /tmp/osint_report.md << 'ENDREPORT'\n\nENDREPORT\n\nbash /scripts/generate_pdf.sh \\\n --input /tmp/osint_report.md \\\n --target \"Target Name\" \\\n --output ~/Desktop\n\n\nThe wrapper (generate_pdf.sh) will:\n\nCheck if fpdf2 is installed — install it automatically if not\nCall generate_pdf.py with the same arguments\nPrint the output path: PDF saved: /path/to/OSINT_Name_20260225_1035.pdf\n\nNo setup needed by the user — works on any machine with Python 3 + pip.\n\nPDF confidence colour coding\n\nConfidence is detected automatically from the text of each section/paragraph/table row — just include the word in your report and the PDF will colour-code it:\n\n🟢 GREEN [HIGH] — verified from multiple reliable sources\n🟠 ORANGE [MED] — likely correct, single or unverified source\n🔴 RED [LOW] — possible match, little corroborating evidence\n⚪ GREY [UNVERIFIED] — user-provided context, not independently confirmed\nToggling PDF output via conversation\n\nWhen the user says \"turn on PDF reports\" or \"disable PDF output\":\n\nRead the config file\nUpdate cfg[\"output\"][\"pdf_enabled\"] to true or false\nWrite it back\nConfirm to the user\nEthics & Legality\nOnly use publicly available data — never attempt to access private systems\nDo not aggregate data in ways designed to facilitate stalking or harassment\nRespect robots.txt in spirit; use cached/archive versions where direct scraping is blocked\nIf the target is clearly a private individual being investigated without consent, flag this before proceeding\nInstagram/LinkedIn/Facebook credentials: always recommend a burner/alt account — never the user's personal accounts\nReference Files\nreferences/osint-sources.md — curated OSINT databases, APIs, and search operators by category\nreferences/social-platforms.md — platform-specific extraction tips and URL patterns\nscripts/generate_pdf.py — PDF generator (requires fpdf2, auto-installed via shell wrapper)\nscripts/generate_pdf.sh — shell wrapper; self-installs fpdf2, then calls generate_pdf.py\nconfig/osint_config.json — live config (auto-created on first write, chmod 600)" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/cineglobe/osint-investigator", "publisherUrl": "https://clawhub.ai/cineglobe/osint-investigator", "owner": "cineglobe", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/osint-investigator", "downloadUrl": "https://openagent3.xyz/downloads/osint-investigator", "agentUrl": "https://openagent3.xyz/skills/osint-investigator/agent", "manifestUrl": "https://openagent3.xyz/skills/osint-investigator/agent.json", "briefUrl": "https://openagent3.xyz/skills/osint-investigator/agent.md" } }