Claude Code Skills
What are Claude Code Skills
Skills are specialized prompts that Claude Code can invoke with /name. OSINT AI One includes 15 skills and 4 agents that cover the complete investigation cycle.
OSINT investigation skills
/osint-investigate <target>
The most powerful skill. Launches the ReAct agent with 28 tools and saves the result as evidence in the active investigation.
Accepts any type of target:
- Technical IOCs:
185.220.101.34,evil.com,http://phishing.net/page,d41d8cd98f00b204e9800998ecf8427e - Contextual queries:
"APT Lazarus group recent activity","Iran cyber conflict"
/osint-investigate 185.220.101.34/osint-investigate "recent activity of Scattered Spider"/osint-recon <domain|IP|email>
Light technical recon: WHOIS, DNS, crt.sh, HTTP headers, VirusTotal. Faster than /osint-investigate, without LLM reasoning. Requires active investigation.
/osint-recon acme-corp.com/osint-recon 185.220.101.34/social-monitor <identity>
Search and monitoring of public social media profiles.
Investigation lifecycle skills
/investigation-init <name>
Create a new investigation: directory structure, SQLite registration, ChromaDB collection.
/investigation-init "Acme Corp Case" --goal "Due diligence"/investigation-init "APT-2024-Q1" --goal "Phishing campaign attribution"/investigation-manage <action>
Manage existing investigations: archive, reactivate, summary.
/investigation-manage archive acme-case/investigation-manage reactivate acme-case/investigation-manage summaryEvidence and entity skills
/evidence-ingest <file|URL>
Complete pipeline: download → SHA-256 → dedup → text extraction → chunks → embeddings → registration.
/evidence-ingest registry-report.pdf/evidence-ingest https://example.com/press-release/evidence-ingest contract-2024.docx/entity-extract <evidence-id|text>
Extract and normalize entities according to FTM ontology from all ingested evidences.
/entity-extract/entity-extract ev_001Claims and verification skills
/claim-track <claim>
Register a verifiable statement linked to specific evidence.
/claim-track "Acme Corp is registered in Madrid according to registry report"/verify-claims
Audit all claims: detect unsupported statements, contradictions and duplicates.
Data and search skills
/db-query <query>
Read-only queries over investigation data.
/db-query "list all companies found"/db-query "verified claims related to IPs"/db-manage <action>
Edit, merge or delete entities, relationships and claims.
/db-manage merge-entities --id1 ent_001 --id2 ent_002/db-manage update-entity --id ent_001 --field name --value "John Garcia Lopez"/memory-query <text>
Semantic search in ChromaDB across all ingested evidences.
/memory-query "contracts with providers in China"/memory-query "mentions of offshore accounts"Alerts and reports skills
/alert-manage
Create and manage semantic alerts scheduled or by entity.
/alert-manage create --entity "Acme Corp" --frequency daily/alert-manage list/report-generate
Generate the final 9-section report with complete traceability.
/report-generateOutput: investigaciones/<slug>/informes/informe-YYYY-MM-DD.md
Context skill (auto-loaded)
osint-context
Assistant identity, ontology, entity normalization rules, report template. Automatically loaded in each session.
The 4 specialized agents
| Agent | Role |
|---|---|
analysis-agent | Pattern correlation, anomaly detection, hypothesis generation |
ingest-worker | Automated evidence pipeline processing |
recon-agent | Autonomous technical reconnaissance |
social-agent | Social media intelligence |
Complete typical workflow
/investigation-init "Acme Corp Case" --goal "Due diligence"
/osint-investigate "acme-corp.com" ← agent analysis + save evidence/osint-investigate "185.220.101.34" ← main server IP/osint-recon acme-corp.com ← detailed technical recon
/evidence-ingest registry-report.pdf ← external documents/evidence-ingest contract-2024.pdf
/entity-extract ← extract people, companies, domains
/claim-track "Acme Corp registered in 2019 according to WHOIS"/verify-claims ← audit quality
/memory-query "foreign investments" ← semantic search
/report-generate ← final report