Customization
Before executing, check for user customizations at:
~/.claude/PAI/USER/SKILLCUSTOMIZATIONS/OSINT/
If this directory exists, load and apply any PREFERENCES.md, configurations, or resources found there. These override default behavior. If the directory does not exist, proceed with skill defaults.
🚨 MANDATORY: Voice Notification (REQUIRED BEFORE ANY ACTION)
You MUST send this notification BEFORE doing anything else when this skill is invoked.
- •
Send voice notification:
bashcurl -s -X POST http://localhost:8888/notify \ -H "Content-Type: application/json" \ -d '{"message": "Running the WORKFLOWNAME workflow in the OSINT skill to ACTION"}' \ > /dev/null 2>&1 & - •
Output text notification:
codeRunning the **WorkflowName** workflow in the **OSINT** skill to ACTION...
This is not optional. Execute this curl command immediately upon skill invocation.
OSINT Skill
Open Source Intelligence gathering for authorized investigations.
Workflow Routing
| Investigation Type | Workflow | Context |
|---|---|---|
| People lookup | Workflows/PeopleLookup.md | SOURCES.JSON |
| Company lookup | Workflows/CompanyLookup.md | SOURCES.JSON |
| Investment due diligence | Workflows/CompanyDueDiligence.md | SOURCES.JSON |
| Entity/threat intel | Workflows/EntityLookup.md | SOURCES.JSON |
| Domain/subdomain investigation | Workflows/DomainLookup.md | SOURCES.JSON |
| Organization/NGO/gov research | Workflows/OrganizationLookup.md | SOURCES.JSON |
| Discover new OSINT sources | Workflows/DiscoverOSINTSources.md | SOURCES.JSON |
Trigger Patterns
People OSINT:
- •"do OSINT on [person]", "research [person]", "background check on [person]"
- •"who is [person]", "find info about [person]", "investigate this person"
-> Route to
Workflows/PeopleLookup.md
Company OSINT:
- •"do OSINT on [company]", "research [company]", "company intelligence"
- •"what can you find about [company]", "investigate [company]"
-> Route to
Workflows/CompanyLookup.md
Investment Due Diligence:
- •"due diligence on [company]", "vet [company]", "is [company] legitimate"
- •"assess [company]", "should we work with [company]"
-> Route to
Workflows/CompanyDueDiligence.md
Entity/Threat Intel:
- •"investigate [entity]", "threat intelligence on [entity]", "is this malicious"
- •"research this threat actor", "analyze [entity]", "check this IP"
-> Route to
Workflows/EntityLookup.md
Domain/Subdomain Investigation:
- •"investigate domain", "check domain", "subdomain enumeration"
- •"domain recon on [domain]", "what subdomains does [domain] have"
- •"DNS investigation", "certificate transparency for [domain]"
-> Route to
Workflows/DomainLookup.md
Organization/NGO/Government:
- •"research organization", "investigate NGO", "research agency"
- •"who is [organization]", "investigate [nonprofit]", "research [government agency]"
- •"what do we know about [association]", "background on [institution]"
-> Route to
Workflows/OrganizationLookup.md
Authorization (REQUIRED)
Before ANY investigation, verify:
- • Explicit authorization from client
- • Clear scope definition
- • Legal compliance confirmed
- • Documentation in place
STOP if any checkbox is unchecked. See EthicalFramework.md for details.
Resource Index
| File | Purpose |
|---|---|
SOURCES.JSON | Master catalog of 279 OSINT sources across 8 categories |
SOURCES.md | Human-readable source reference with descriptions and access info |
EthicalFramework.md | Authorization, legal, ethical boundaries |
Methodology.md | Collection methods, verification, reporting |
PeopleTools.md | People search, social media, public records (legacy — use SOURCES.JSON) |
CompanyTools.md | Business databases, DNS, tech profiling (legacy — use SOURCES.JSON) |
EntityTools.md | Threat intel, scanning, malware analysis (legacy — use SOURCES.JSON) |
Integration
Automatic skill invocations:
- •Research Skill - Parallel researcher agent deployment (REQUIRED)
- •Recon Skill - Technical infrastructure reconnaissance
Agent fleet patterns:
- •Quick lookup: 4-6 agents
- •Standard investigation: 8-16 agents
- •Comprehensive due diligence: 24-32 agents
Researcher types:
| Researcher | Best For |
|---|---|
| PerplexityResearcher | Current web data, social media, company updates |
| ClaudeResearcher | Academic depth, professional backgrounds |
| GeminiResearcher | Multi-perspective, cross-domain connections |
| GrokResearcher | Contrarian analysis, fact-checking |
File Organization
Active investigations:
~/.claude/MEMORY/WORK/$(jq -r '.work_dir' ~/.claude/MEMORY/STATE/current-work.json)/YYYY-MM-DD-HHMMSS_osint-[target]/
Archived reports:
~/.claude/History/research/YYYY-MM/[target]-osint/
Ethical Guardrails
ALLOWED: Public sources only - websites, social media, public records, search engines, archived content
PROHIBITED: Private data, unauthorized access, social engineering, purchasing breached data, ToS violations
See EthicalFramework.md for complete requirements.
Version: 3.0 (SOURCES.JSON Integration) Last Updated: February 2026