playbooks

home / skills / danielmiessler / personal_ai_infrastructure / skills

skills skill

/Packs/pai-osint-skill/src/skills

This skill helps you perform authorized OSINT investigations for people, companies, and threats, delivering validated background and risk insights.

npx playbooks add skill danielmiessler/personal_ai_infrastructure --skill skills

Review the files below or copy the command above to add this skill to your agents.

Files (10)
SKILL.md
3.3 KB
---
name: OSINT
description: Open source intelligence gathering. USE WHEN OSINT, due diligence, background check, research person, company intel, investigate.
---

# OSINT Skill

Open Source Intelligence gathering for authorized investigations.

---

## Workflow Routing

| Investigation Type | Workflow | Context |
|-------------------|----------|---------|
| People lookup | `Workflows/PeopleLookup.md` | `PeopleTools.md` |
| Company lookup | `Workflows/CompanyLookup.md` | `CompanyTools.md` |
| Investment due diligence | `Workflows/CompanyDueDiligence.md` | `CompanyTools.md` |
| Entity/threat intel | `Workflows/EntityLookup.md` | `EntityTools.md` |

---

## Trigger Patterns

**People OSINT:**
- "do OSINT on [person]", "research [person]", "background check on [person]"
- "who is [person]", "find info about [person]", "investigate this person"
-> Route to `Workflows/PeopleLookup.md`

**Company OSINT:**
- "do OSINT on [company]", "research [company]", "company intelligence"
- "what can you find about [company]", "investigate [company]"
-> Route to `Workflows/CompanyLookup.md`

**Investment Due Diligence:**
- "due diligence on [company]", "vet [company]", "is [company] legitimate"
- "assess [company]", "should we work with [company]"
-> Route to `Workflows/CompanyDueDiligence.md`

**Entity/Threat Intel:**
- "investigate [domain]", "threat intelligence on [entity]", "is this domain malicious"
- "research this threat actor", "check [domain]", "analyze [entity]"
-> Route to `Workflows/EntityLookup.md`

---

## Authorization (REQUIRED)

**Before ANY investigation, verify:**
- [ ] Explicit authorization from client
- [ ] Clear scope definition
- [ ] Legal compliance confirmed
- [ ] Documentation in place

**STOP if any checkbox is unchecked.** See `EthicalFramework.md` for details.

---

## Resource Index

| File | Purpose |
|------|---------|
| `EthicalFramework.md` | Authorization, legal, ethical boundaries |
| `Methodology.md` | Collection methods, verification, reporting |
| `PeopleTools.md` | People search, social media, public records |
| `CompanyTools.md` | Business databases, DNS, tech profiling |
| `EntityTools.md` | Threat intel, scanning, malware analysis |

---

## Integration

**Automatic skill invocations:**
- **Research Skill** - Parallel researcher agent deployment (REQUIRED)
- **Recon Skill** - Technical infrastructure reconnaissance

**Agent fleet patterns:**
- Quick lookup: 4-6 agents
- Standard investigation: 8-16 agents
- Comprehensive due diligence: 24-32 agents

**Researcher types:**
| Researcher | Best For |
|------------|----------|
| PerplexityResearcher | Current web data, social media, company updates |
| ClaudeResearcher | Academic depth, professional backgrounds |
| GeminiResearcher | Multi-perspective, cross-domain connections |
| GrokResearcher | Contrarian analysis, fact-checking |

---

## File Organization

**Active investigations:**
```
$PAI_DIR/work/scratch/YYYY-MM-DD-HHMMSS_osint-[target]/
```

**Archived reports:**
```
$PAI_DIR/history/research/YYYY-MM/[target]-osint/
```

---

## Ethical Guardrails

**ALLOWED:** Public sources only - websites, social media, public records, search engines, archived content

**PROHIBITED:** Private data, unauthorized access, social engineering, purchasing breached data, ToS violations

See `EthicalFramework.md` for complete requirements.

---

**Version:** 2.3.0
**Last Updated:** January 2026

Overview

This skill provides a structured open-source intelligence (OSINT) capability for authorized investigations into people, companies, domains, and threat actors. It combines workflow routing, researcher agent patterns, and strict ethical guardrails to deliver verifiable, public-source findings. The skill is optimized for scalability—from quick lookups to comprehensive due diligence—and includes clear authorization checks before any collection begins.

How this skill works

The skill routes requests to specialized workflows based on trigger phrases (people, company, due diligence, or entity/threat). It orchestrates parallel researcher agents and technical recon tools, uses curated data sources for people and company profiling, and produces documented, archived reports. Every investigation enforces an authorization checklist and adheres to public-source-only collection and legal requirements.

When to use it

  • Background checks and authorized people research
  • Pre-engagement or vendor due diligence on companies
  • Investigating domains, potential threat actors, or suspicious infrastructure
  • OSINT-led incident triage and threat validation
  • Compiling open-source evidence for compliance or regulatory reviews

Best practices

  • Verify explicit client authorization and scope before any step
  • Use only public sources; never attempt privileged access or social engineering
  • Start with a quick multi-agent lookup, then scale to a comprehensive investigation if needed
  • Document methods, sources, and verification steps to ensure reproducibility
  • Segment active workspaces and archive final reports with timestamps and metadata

Example use cases

  • Perform a people lookup to consolidate social profiles, public records, and professional history for hiring or vetting
  • Run company due diligence to verify incorporation, leadership, funding, and red flags before partnership
  • Investigate a suspicious domain for malicious indicators, DNS history, hosting, and abuse reports
  • Conduct entity/threat intel to map infrastructure, linked domains, and behavioral patterns for incident response
  • Produce an archived OSINT report for compliance evidence or board-level review

FAQ

What authorization is required before starting an investigation?

Explicit client authorization, a defined scope, documented legal compliance, and records of consent are all required; stop if any are missing.

Which sources are allowed and which are prohibited?

Allowed sources are public websites, social media, search indexes, and archival content. Prohibited actions include using private data, paid breached datasets, unauthorized access, and social engineering.