OSINT Investigator
Use this skill for broad public-footprint OSINT.
Supported target types include:
- - username / handle
- email address
- person / alias
- organisation / company
- domain / website
- IP address
- phone number
- location / address
- image
Read as needed:
- -
references/target-types.md for classification - INLINECODE1� for investigation flow
- INLINECODE2� for module selection
- INLINECODE3� for source categories
- INLINECODE4� for target platforms and search ideas
- INLINECODE5� for platform-specific validation rules
- INLINECODE6� for profile image handling
- INLINECODE7� for confidence logic
- INLINECODE8� for overall scoring and result merging
- INLINECODE9� for handle-variant generation
- INLINECODE10� for lightweight discovery helpers
- INLINECODE11� for optional defensive breach lookup behavior
- INLINECODE12� for optional API enrichment
- INLINECODE13� for HIBP API key setup
- INLINECODE14� for structured reporting
- INLINECODE15� for acceptable-use boundaries
- INLINECODE16� for response structure
Use scripts when helpful:
- -
scripts/generate_variants.py for plausible username variants - INLINECODE18� for first-pass platform checks with platform-aware validation
- INLINECODE19� for optional Have I Been Pwned email checks
- INLINECODE20� for lightweight domain enrichment
- INLINECODE21� for lightweight IP enrichment
- INLINECODE22� to merge findings into a scored summary
- INLINECODE23� for structured JSON output
- INLINECODE24� for compact report generation from structured results
Use web_search and web_fetch to confirm weak findings, enrich strong ones, and gather public evidence when helper-script results alone are ambiguous.
Core behavior
- - Focus on public data only.
- Prefer lightweight verification over aggressive scraping.
- A 200 HTTP status is not enough to confirm a profile.
- Separate facts from guesses.
- Report confidence, not certainty.
- Keep results structured and easy to audit.
- Prefer a smaller set of verified findings over a noisy wall of guesses.
- Run only the modules relevant to the target.
Workflow
- 1. Classify the target using
references/target-types.md. - Normalize the input.
- Select relevant modules using
references/modules.md. - Run lightweight helper scripts where useful.
- Use targeted web search to confirm or enrich weak and likely matches.
- Capture final links and public profile image URLs when available.
- If an email is provided and HIBP is configured, run a defensive breach check.
- For domains or IPs, run the relevant lightweight helper.
- Record exact matches, likely matches, weak matches, no-results, and not-verifiable results.
- Compare public signals across findings.
- Aggregate the findings into a scored summary using
scripts/aggregate_results.py and references/aggregation.md. - Return a concise human summary or a structured report depending on the request.
- Export JSON if requested.
Output rules
Always distinguish between:
- - confirmed public match
- likely match
- weak/uncertain match
- not verifiable
- no evidence found
Include final links for meaningful findings.
Include profile image links only when they are publicly exposed and easy to extract.
If HIBP is used, report breach results as defensive exposure information, not identity proof.
If using domain/IP helpers, treat them as enrichment, not full attribution.
Do not overclaim identity resolution.
If evidence is thin, say so clearly.
If evidence conflicts, say so clearly.
Lead with the strongest public evidence first.
Prefer the compact format by default; use an extended report only when the user asks for depth.
Safety
Read references/safety.md when the request could drift into harassment, private-person targeting, or invasive tracking.
Do not help with:
- - credential theft
- account takeover
- bypassing access controls
- doxxing
- stalking or targeted harassment
- collecting non-public personal data
- invasive private-person targeting
Style
- - concise
- factual
- audit-friendly
- explicit about uncertainty
OSINT 调查员
使用此技能进行广泛的公开足迹OSINT调查。
支持的目标类型包括:
- - 用户名/昵称
- 电子邮件地址
- 个人/别名
- 组织/公司
- 域名/网站
- IP地址
- 电话号码
- 地点/地址
- 图片
根据需要阅读:
- - references/target-types.md 用于分类
- references/workflow.md 用于调查流程
- references/modules.md 用于模块选择
- references/osint-sources.md 用于来源类别
- references/platforms.md 用于目标平台和搜索思路
- references/platform-validation.md 用于特定平台的验证规则
- references/profile-media.md 用于个人资料图片处理
- references/scoring.md 用于置信度逻辑
- references/aggregation.md 用于总体评分和结果合并
- references/variants.md 用于生成昵称变体
- references/tooling.md 用于轻量级发现辅助工具
- references/breach-checks.md 用于可选的防御性泄露查询行为
- references/apis.md 用于可选的API增强
- references/configuration.md 用于HIBP API密钥设置
- references/report-format.md 用于结构化报告
- references/safety.md 用于可接受使用边界
- references/output.md 用于响应结构
在有用时使用脚本:
- - scripts/generatevariants.py 用于生成合理的用户名变体
- scripts/checkprofiles.py 用于进行带平台感知验证的初步平台检查
- scripts/checkhibp.py 用于可选的Have I Been Pwned电子邮件检查
- scripts/checkdomain.py 用于轻量级域名增强
- scripts/checkip.py 用于轻量级IP增强
- scripts/aggregateresults.py 用于将发现结果合并为带评分的摘要
- scripts/exportjson.py 用于结构化JSON输出
- scripts/buildreport.py 用于从结构化结果生成简洁报告
当辅助脚本结果本身不明确时,使用websearch和webfetch来确认弱发现、增强强发现并收集公开证据。
核心行为
- - 仅关注公开数据。
- 优先使用轻量级验证,而非激进抓取。
- 200 HTTP状态码不足以确认一个个人资料。
- 区分事实与猜测。
- 报告置信度,而非确定性。
- 保持结果结构化且易于审计。
- 优先选择少量已验证的发现,而非大量嘈杂的猜测。
- 仅运行与目标相关的模块。
工作流程
- 1. 使用references/target-types.md对目标进行分类。
- 标准化输入。
- 使用references/modules.md选择相关模块。
- 在有用时运行轻量级辅助脚本。
- 使用针对性网络搜索来确认或增强弱匹配和可能匹配。
- 在可用时捕获最终链接和公开的个人资料图片URL。
- 如果提供了电子邮件且已配置HIBP,则运行防御性泄露检查。
- 对于域名或IP,运行相关的轻量级辅助工具。
- 记录精确匹配、可能匹配、弱匹配、无结果和无法验证的结果。
- 比较各发现中的公开信号。
- 使用scripts/aggregate_results.py和references/aggregation.md将发现结果汇总为带评分的摘要。
- 根据请求返回简洁的人工摘要或结构化报告。
- 如果请求,则导出JSON。
输出规则
始终区分:
- - 已确认的公开匹配
- 可能匹配
- 弱/不确定匹配
- 无法验证
- 未发现证据
为有意义的发现包含最终链接。
仅在个人资料图片公开暴露且易于提取时包含图片链接。
如果使用了HIBP,将泄露结果报告为防御性暴露信息,而非身份证明。
如果使用了域名/IP辅助工具,将其视为增强信息,而非完整归属。
不要过度声称身份解析。
如果证据不足,明确说明。
如果证据冲突,明确说明。
首先呈现最强有力的公开证据。
默认优先使用简洁格式;仅在用户要求深度时使用扩展报告。
安全
当请求可能涉及骚扰、针对个人隐私或侵入性追踪时,阅读references/safety.md。
不要协助:
- - 凭证盗窃
- 账户接管
- 绕过访问控制
- 人肉搜索
- 跟踪或针对性骚扰
- 收集非公开个人数据
- 侵入性针对个人隐私
风格
