OSINT
Customization
Before executing, check for user customizations at:
~/.claude/PAI/USER/SKILLCUSTOMIZATIONS/OSINT/
If this directory exists, load and apply any PREFERENCES.md, configurations, or resources found there. These override default behavior. If the directory does not exist, proceed with skill defaults.
🚨 MANDATORY: Voice Notification (REQUIRED BEFORE ANY ACTION)
You MUST send this notification BEFORE doing anything else when this skill is invoked.
-
Send voice notification:
curl -s -X POST http://localhost:8888/notify \ -H "Content-Type: application/json" \ -d '{"message": "Running the WORKFLOWNAME workflow in the OSINT skill to ACTION"}' \ > /dev/null 2>&1 & -
Output text notification:
Running the **WorkflowName** workflow in the **OSINT** skill to ACTION...
This is not optional. Execute this curl command immediately upon skill invocation.
OSINT Skill
Open Source Intelligence gathering for authorized investigations.
Workflow Routing
| Investigation Type | Workflow | Context |
|---|---|---|
| People lookup | Workflows/PeopleLookup.md |
SOURCES.JSON |
| Company lookup | Workflows/CompanyLookup.md |
SOURCES.JSON |
| Investment due diligence | Workflows/CompanyDueDiligence.md |
SOURCES.JSON |
| Entity/threat intel | Workflows/EntityLookup.md |
SOURCES.JSON |
| Domain/subdomain investigation | Workflows/DomainLookup.md |
SOURCES.JSON |
| Organization/NGO/gov research | Workflows/OrganizationLookup.md |
SOURCES.JSON |
| Discover new OSINT sources | Workflows/DiscoverOSINTSources.md |
SOURCES.JSON |
Trigger Patterns
People OSINT:
- "do OSINT on [person]", "research [person]", "background check on [person]"
- "who is [person]", "find info about [person]", "investigate this person"
-> Route to
Workflows/PeopleLookup.md
Company OSINT:
- "do OSINT on [company]", "research [company]", "company intelligence"
- "what can you find about [company]", "investigate [company]"
-> Route to
Workflows/CompanyLookup.md
Investment Due Diligence:
- "due diligence on [company]", "vet [company]", "is [company] legitimate"
- "assess [company]", "should we work with [company]"
-> Route to
Workflows/CompanyDueDiligence.md
Entity/Threat Intel:
- "investigate [entity]", "threat intelligence on [entity]", "is this malicious"
- "research this threat actor", "analyze [entity]", "check this IP"
-> Route to
Workflows/EntityLookup.md
Domain/Subdomain Investigation:
- "investigate domain", "check domain", "subdomain enumeration"
- "domain recon on [domain]", "what subdomains does [domain] have"
- "DNS investigation", "certificate transparency for [domain]"
-> Route to
Workflows/DomainLookup.md
Organization/NGO/Government:
- "research organization", "investigate NGO", "research agency"
- "who is [organization]", "investigate [nonprofit]", "research [government agency]"
- "what do we know about [association]", "background on [institution]"
-> Route to
Workflows/OrganizationLookup.md
Authorization (REQUIRED)
Before ANY investigation, verify:
- Explicit authorization from client
- Clear scope definition
- Legal compliance confirmed
- Documentation in place
STOP if any checkbox is unchecked. See EthicalFramework.md for details.
Resource Index
| File | Purpose |
|---|---|
SOURCES.JSON |
Master catalog of 279 OSINT sources across 8 categories |
SOURCES.md |
Human-readable source reference with descriptions and access info |
EthicalFramework.md |
Authorization, legal, ethical boundaries |
Methodology.md |
Collection methods, verification, reporting |
PeopleTools.md |
People search, social media, public records (legacy — use SOURCES.JSON) |
CompanyTools.md |
Business databases, DNS, tech profiling (legacy — use SOURCES.JSON) |
EntityTools.md |
Threat intel, scanning, malware analysis (legacy — use SOURCES.JSON) |
Integration
Automatic skill invocations:
- Research Skill - Parallel researcher agent deployment (REQUIRED)
- Recon Skill - Technical infrastructure reconnaissance
Agent fleet patterns:
- Quick lookup: 4-6 agents
- Standard investigation: 8-16 agents
- Comprehensive due diligence: 24-32 agents
Researcher types:
| Researcher | Best For |
|---|---|
| PerplexityResearcher | Current web data, social media, company updates |
| ClaudeResearcher | Academic depth, professional backgrounds |
| GeminiResearcher | Multi-perspective, cross-domain connections |
| GrokResearcher | Contrarian analysis, fact-checking |
File Organization
Active investigations:
~/.claude/MEMORY/WORK/$(jq -r '.work_dir' ~/.claude/MEMORY/STATE/current-work.json)/YYYY-MM-DD-HHMMSS_osint-[target]/
Archived reports:
~/.claude/History/research/YYYY-MM/[target]-osint/
Ethical Guardrails
ALLOWED: Public sources only - websites, social media, public records, search engines, archived content
PROHIBITED: Private data, unauthorized access, social engineering, purchasing breached data, ToS violations
See EthicalFramework.md for complete requirements.
Version: 3.0 (SOURCES.JSON Integration) Last Updated: February 2026
More from danielmiessler/personal_ai_infrastructure
firstprinciples
Physics-based reasoning framework (Musk/Elon methodology) that deconstructs problems to irreducible fundamental truths rather than reasoning by analogy. Three-step structure: DECONSTRUCT (break to constituent parts and actual values), CHALLENGE (classify every element as hard constraint / soft constraint / unvalidated assumption — only physics is truly immutable), RECONSTRUCT (build optimal solution from fundamentals alone, ignoring inherited form). Outputs: constituent-parts breakdown, constraint classification table, and reconstructed solution with key insight. Three workflows: Deconstruct.md, Challenge.md, Reconstruct.md. Integrates with RedTeam (attack assumptions before deploying adversarial agents), Security (decompose threat model), Architecture (challenge design constraints), and Pentesters (decompose assumed security boundaries). Other skills invoke via: Challenge on all stated constraints → classify as hard/soft/assumption. Cross-domain synthesis: solutions from unrelated fields often apply once the fundamental truths are exposed. NOT FOR incident investigation and causal chains (use RootCauseAnalysis). NOT FOR structural feedback loops (use SystemsThinking). USE WHEN first principles, fundamental truths, challenge assumptions, is this a real constraint, rebuild from scratch, what are we actually paying for, what is this really made of, start over, physics first, question everything, reasoning by analogy, is this really necessary.
162documents
Read, write, convert, and analyze documents — routes to PDF, DOCX, XLSX, PPTX sub-skills for creation, editing, extraction, and format conversion. USE WHEN document, process file, create document, convert format, extract text, PDF, DOCX, XLSX, PPTX, Word, Excel, spreadsheet, PowerPoint, presentation, slides, consulting report, large PDF, merge PDF, fill form, tracked changes, redlining.
116redteam
Military-grade adversarial analysis that deploys 32 parallel expert agents (engineers, architects, pentesters, interns) to stress-test ideas, strategies, and plans — not systems or infrastructure. Two workflows: ParallelAnalysis (5-phase: decompose into 24 atomic claims → 32-agent parallel attack → synthesis → steelman → counter-argument, each 8 points) and AdversarialValidation (competing proposals synthesized into best solution). Context files: Philosophy.md (core principles, success criteria, agent types), Integration.md (how to combine with FirstPrinciples, Council, and other skills; output format). Targets arguments, not network vulnerabilities. Findings ranked by severity; goal is to strengthen, not destroy — weaknesses delivered with remediation paths. Collaborates with FirstPrinciples (decompose assumptions before attacking) and Council (Council debates to find paths; RedTeam attacks whatever survives). Also invoked internally by Ideate (TEST phase) and WorldThreatModel (horizon stress-testing). NOT FOR AI instruction set auditing (use BitterPillEngineering). NOT FOR network/system vulnerability testing (use a security assessment skill). USE WHEN red team, attack idea, counterarguments, critique, stress test, devil's advocate, find weaknesses, break this, poke holes, what could go wrong, strongest objection, adversarial validation, battle of bots.
115privateinvestigator
Ethical people-finding using 15 parallel research agents (45 search threads) across public records, social media, reverse lookups. Public data only, no pretexting. USE WHEN find person, locate, reconnect, people search, skip trace, reverse lookup, social media search, public records search, verify identity.
114council
Multi-agent collaborative debate that produces visible round-by-round transcripts with genuine intellectual friction. All council members are custom-composed via ComposeAgent (Agents skill) with domain expertise, unique voice, and personality tailored to the specific topic — never built-in generic types. ComposeAgent invoked as: bun run ~/.claude/skills/Agents/Tools/ComposeAgent.ts. Two workflows: DEBATE (3 rounds, full transcript + synthesis, parallel execution within rounds, 40-90 seconds total) and QUICK (1 round, fast perspective check). Context files: CouncilMembers.md (agent composition instructions), RoundStructure.md (three-round structure and timing), OutputFormat.md (transcript format templates). Agents are designed per debate topic to create real disagreement; 4-6 well-composed agents outperform 12 generic ones. Council is collaborative-adversarial (debate to find best path); for pure adversarial attack on an idea, use RedTeam instead. NOT FOR parallel task execution across agents (use Delegation skill). USE WHEN council, debate, multiple perspectives, weigh options, deliberate, get different views, multi-agent discussion, what would experts say, is there consensus, pros and cons from multiple angles.
113art
Generates static visual content across 20+ formats via Flux, Nano Banana Pro (Gemini 3 Pro), and GPT-Image-1. Covers blog header illustrations, editorial art, Mermaid flowcharts, technical architecture diagrams, D3.js dashboards, taxonomies, timelines, 2x2 framework matrices, comparisons, annotated screenshots, recipe cards, aphorism/quote cards, conceptual maps, stat cards, comic panels, YouTube thumbnails, PAI pack icons, and brand-logo wallpapers. Named workflows: Essay, D3Dashboards, Visualize, Mermaid, TechnicalDiagrams, Taxonomies, Timelines, Frameworks, Comparisons, AnnotatedScreenshots, RecipeCards, Aphorisms, Maps, Stats, Comics, YouTubeThumbnailChecklist, AdHocYouTubeThumbnail, CreatePAIPackIcon, LogoWallpaper, RemoveBackground. SKILLCUSTOMIZATIONS loads PREFERENCES.md, CharacterSpecs.md, and SceneConstruction.md. --remove-bg flag produces transparent-background PNG (can produce black backgrounds — verify visually). Up to 14 reference images per request (5 human, 6 object Gemini API limit). Output staged to ~/Downloads/ for preview before any project directory copy. Nano Banana Pro uses --size for resolution tier 1K/2K/4K and separate --aspect-ratio. USE WHEN: art, illustration, diagram, flowchart, infographic, header image, thumbnail, visualize, generate image, mermaid, architecture diagram, comic, icon, blog art, framework diagram, D3 chart, remove background, wallpaper. NOT FOR video or animation (use Remotion). NOT FOR the user's personal portrait/headshot (use a dedicated headshot skill).
108