arabic-threat-intel
The only Arabic-first OSINT and threat intelligence skill. Monitor Arabic-language threat actor channels on Telegram, generate bilingual threat reports, search the dark web via Tor, and enumerate subdomains via Certificate Transparency logs. Works for any region — Middle East, Africa, Asia, or global. No API keys required.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/abdullah944/threat-intel
Arabic Threat Intelligence
The only Arabic-first OSINT and threat intelligence skill for OpenClaw. Works globally — not limited to any single country or region.
Why This Skill
99% of OSINT skills are English-only. Arabic-speaking analysts, security teams, and researchers lack native-language tooling. This skill bridges that gap with full bilingual (Arabic + English) support.
Commands
Monitor Telegram Channels
Use arabic-threat-intel channel hak994
Use arabic-threat-intel channel anyChannelName --lang both
Scrapes public Telegram channels. Returns posts with timestamps, auto-translates Hebrew/Farsi mentions.
Generate Threat Report
Use arabic-threat-intel report "critical infrastructure"
Use arabic-threat-intel report "ransomware" --lang both
Monitors tracked threat actor channels and generates a structured bilingual threat brief ready for leadership or SOC teams.
Dark Web Search
Use arabic-threat-intel darkweb "company name data leak"
Use arabic-threat-intel darkweb "اسم الشركة تسريب"
Searches dark web indexes via Tor. Accepts Arabic or English queries. Returns .onion links with risk assessment.
CT Log Subdomain Scan
Use arabic-threat-intel scan example.com
Use arabic-threat-intel scan target-domain.org
Passive subdomain discovery via Certificate Transparency logs (crt.sh). Flags takeover candidates, dev/test servers, VPN and admin panels.
Tracked Threat Groups
| Group | Platform | Origin | Targeting |
|---|---|---|---|
| Fatimion Cyber Team | Telegram @hak994 | Iran | Infrastructure, Oil & Gas |
| 313 Team | Telegram @xX313XxTeam | Iran | Government sites |
| Fattah Cyber | Telegram @fattah_irili | Iran | Tech, Media |
| Handala Hack | Web | Iran (MOIS) | Financial, Defense |
| Various APT34/MuddyWater | Multiple | Iran | Telecom, Energy |
Output Options
| Flag | Description |
|---|---|
| --lang ar | Arabic only (RTL output) |
| --lang en | English only |
| --lang both | Bilingual report (default) |
| --region me | Middle East focus |
| --region africa | Africa focus |
| --region all | Global (default) |
Requirements
- No API keys required for CT log scanning and Telegram monitoring
- Optional: Tor for dark web search (service tor start)
- Python 3.10+ (pre-installed with OpenClaw)
Use Cases
- 🔒 SOC teams monitoring Arabic-language threat actors
- 🕵️ OSINT investigators tracking dark web activity
- 📰 Journalists covering cybersecurity in the Middle East
- 🎓 Security researchers and students learning Arabic OSINT
- 🏢 Enterprise security teams with MENA exposure
- 🌍 Any analyst tracking Iran-linked APT groups globally
Security & Ethics
This skill performs passive OSINT only. All sources are publicly accessible:
- Telegram public channels (t.me/s/)
- Certificate Transparency logs (crt.sh)
- Dark web search engines via Tor (Ahmia, OnionLand)
No active exploitation. No unauthorized scanning.
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-abdullah944-threat-intel": {
      "enabled": true,
      "auto_update": true
    }
  }
}