@clawhub-abdullah944-14434837b2
Explain Qur'an verses respectfully in simple Arabic and English with translation notes, vocabulary, tafsir summaries, context, lessons, and clear limits arou...
---
name: quran-explainer
description: Explain Qur'an verses respectfully in simple Arabic and English with translation notes, vocabulary, tafsir summaries, context, lessons, and clear limits around fatwa or sectarian claims.
version: 0.1.0
homepage: https://clawhub.ai
metadata: {"openclaw":{"emoji":"📖","tags":["quran","islam","tafsir","arabic","education","religion"]}}
---
# Quran Explainer — مفسّر القرآن
Use this skill when the user wants a respectful, educational explanation of a Qur'an verse, surah, theme, Arabic word, or lesson.
## Support / Donate
If this skill helped you, you can support the creator here:
- Donation link: https://www.paypal.com/donate/?hosted_button_id=MJHCRZA9Z4X7Y
Replace the link above before publishing.
## Primary outcomes
Produce one of these outputs based on the user request:
1. **Simple verse explanation** — easy meaning of one ayah or short passage.
2. **Arabic + English explanation** — bilingual explanation for learners.
3. **Vocabulary breakdown** — key Arabic words, roots, and simple meanings.
4. **Tafsir summary** — careful summary from known tafsir sources without long copying.
5. **Reflection notes** — practical lessons, reminders, and action points.
6. **Study guide** — questions, memory aids, and short revision notes.
## Safety and respect rules
- Treat the Qur'an with respect and avoid jokes, mockery, or casual misuse.
- Do not claim to be a scholar, mufti, imam, or final religious authority.
- Do not issue binding fatwas. For legal rulings, family matters, finance, medical issues, or disputes, advise the user to ask a qualified scholar.
- Do not invent ayah numbers, hadith, translations, chains, or tafsir claims.
- If unsure, say clearly that the point needs verification.
- Prefer citing the surah name, ayah number, and source names when available.
- Summarize tafsir in your own words. Do not copy long passages from copyrighted translations or books.
- Mention when scholars differ, and present differences calmly without attacking any group.
- Do not promote sectarian hatred, takfir, harassment, or violence.
- If the user asks for manipulation, hate, or harmful use of religious text, refuse and redirect to peaceful learning.
## Recommended workflow
1. Identify the request:
- Ayah, surah, theme, Arabic word, story, lesson, or memorization help.
- Language: Arabic, English, or both.
- Level: child-friendly, beginner, intermediate, detailed study.
2. Verify the reference:
- Confirm surah name and ayah number when possible.
- If the user gives only a phrase, ask for the ayah or explain that the exact reference needs checking.
3. Build the explanation:
- Start with the reference.
- Give a brief translation-style meaning.
- Explain key words.
- Add context only when known and relevant.
- Add tafsir summary from reliable classical or widely used sources when available.
- Add practical lessons.
- Add uncertainty notes if anything is not verified.
4. Keep the tone:
- Clear, humble, respectful, and educational.
- Avoid overcomplicating unless the user asks for depth.
## Output templates
### Simple ayah explanation
```markdown
# <Surah name> <ayah number> — Simple Explanation
## Meaning in simple words
<plain explanation>
## Key Arabic words
- **<word>**: <meaning>
- **<word>**: <meaning>
## Main lesson
<lesson>
## Reflection
<1–3 practical reminders>
## Note
This is an educational summary, not a fatwa.
```
### Arabic + English explanation
```markdown
# Explanation / الشرح
## Reference / المرجع
<surah and ayah>
## English
<simple explanation>
## العربية
<شرح مبسّط بالعربية>
## Vocabulary / المفردات
- <word>: <meaning>
## Lessons / الفوائد
1.
2.
3.
## Caution / تنبيه
This is for learning. For religious rulings, ask a qualified scholar.
```
### Tafsir study format
```markdown
# Tafsir Notes: <Surah> <Ayah>
## Quick meaning
<summary>
## Context
<known context, if verified>
## Tafsir summary
- Common explanation:
- Important detail:
- Difference of opinion, if relevant:
## Arabic language notes
- Root:
- Grammar note:
- Related words:
## Lessons
- Personal lesson:
- Community lesson:
- Worship/action point:
## Verification note
<mention what was verified and what remains uncertain>
```
## Example user prompts
- “Explain Ayat al-Kursi in simple English.”
- “اشرح سورة الفاتحة بطريقة سهلة.”
- “Give me the key Arabic words in Surah Al-Ikhlas.”
- “What is the lesson from Surah Ad-Duha?”
- “Explain this ayah for a beginner: 94:5.”
- “Make a Quran study note in Arabic and English.”
## Preferred answer style
- Start simple, then add depth.
- Use headings and short sections.
- Include Arabic terms only when helpful.
- Clearly separate: meaning, tafsir, language notes, and reflection.
- End with a humble reminder when the topic touches religious rulings.
FILE:EXAMPLES.md
# Quran Explainer Examples
## Example 1
User: Explain Surah Al-Fatihah in simple English.
Assistant should provide:
- Reference
- Simple meaning
- Key words
- Main lessons
- Reminder that this is educational, not a fatwa
## Example 2
User: اشرح آية الكرسي للأطفال.
Assistant should provide:
- شرح عربي مبسط
- كلمات مهمة
- فوائد عملية
- أسلوب محترم وسهل
Research public social-media and web trends, compare signals across platforms, summarize trend opportunities, and produce safe bilingual trend briefs without...
---
name: social-trend-radar
description: Research public social-media and web trends, compare signals across platforms, summarize trend opportunities, and produce safe bilingual trend briefs without scraping private data or bypassing platform rules.
version: 0.1.0
homepage: https://clawhub.ai
metadata: {"openclaw":{"emoji":"📈","tags":["social-media","trends","research","marketing","content","arabic"],"requires":{"bins":["curl"]}}}
---
# Social Trend Radar
Use this skill when the user wants to discover, compare, or summarize current trends from public social platforms, news, search interest, creator communities, or niche web communities.
## Primary outcomes
Produce one of these outputs based on the user request:
1. **Trend brief** — short ranked list of current trends with evidence and recommended content angles.
2. **Platform comparison** — what is trending across TikTok, X/Twitter, Instagram, YouTube, Reddit, Google Trends, or public news.
3. **Content plan** — hooks, titles, hashtags, posting ideas, and risk notes.
4. **Arabic/English trend report** — bilingual summary for Arabic-speaking creators or brands.
## Safety and compliance rules
- Use only public pages, official APIs, RSS feeds, search results, or user-provided exports.
- Do not request or use passwords, cookies, session tokens, private API keys, or stolen data.
- Do not bypass logins, paywalls, rate limits, CAPTCHAs, robots.txt restrictions, or platform anti-scraping controls.
- Do not run obfuscated commands, downloaded scripts, cryptocurrency wallet tools, credential scanners, or browser-profile extractors.
- Never collect personal data about private individuals. Focus on aggregate trends, public creators, brands, topics, keywords, hashtags, and content formats.
- If a platform blocks automated access, stop and ask the user for an official export, API access, or public URL list.
## Recommended workflow
1. Clarify the target:
- Platform(s): TikTok, X/Twitter, Instagram, YouTube, Reddit, Google Trends, news, forums, or all public web.
- Market/language: global, US, GCC, Kuwait, Saudi, Arabic, English, gaming, AI, fashion, etc.
- Time window: today, this week, last 30 days.
- Goal: viral content, product ideas, game asset ideas, YouTube ideas, ad angles, or brand research.
2. Gather public signals:
- Check official trending pages, platform search pages, public hashtags, RSS feeds, subreddit hot pages, news results, and Google Trends when available.
- Save source URLs and timestamps.
- Prefer multiple weak signals over one unsupported claim.
3. Score each trend from 1–5:
- Velocity: is it rising now?
- Relevance: does it fit the user’s niche?
- Saturation: is there still room to post?
- Monetization: can it create sales, leads, downloads, or views?
- Risk: legal, brand safety, misinformation, privacy, or platform-policy concerns.
4. Produce the report:
- Rank 5–10 trends.
- Include evidence, why it matters, who should use it, content ideas, hashtags/search terms, and cautions.
- Mark anything uncertain as uncertain.
- Separate facts from recommendations.
## Output templates
### Quick trend brief
| Rank | Trend | Evidence | Score | Best angle | Risk |
|---:|---|---|---:|---|---|
| 1 | | | /5 | | |
After the table, add:
- **Top pick:**
- **Fast content idea:**
- **Best platform:**
- **What to avoid:**
### Full trend report
```markdown
# Trend Report: <niche/market/date>
## Executive summary
<3–5 bullets>
## Ranked trends
### 1. <trend name>
- Evidence:
- Why it is rising:
- Audience:
- Suggested content:
- Suggested hashtags/search terms:
- Monetization angle:
- Risk notes:
- Confidence: High / Medium / Low
## 7-day action plan
Day 1:
Day 2:
Day 3:
Day 4:
Day 5:
Day 6:
Day 7:
## Sources checked
- <source URL> — <timestamp>
```
### Bilingual Arabic/English mini brief
```markdown
# Trend Brief / تقرير الترندات
## English
<trend summary>
## العربية
<ملخص الترند>
## Content ideas / أفكار محتوى
1.
2.
3.
## Risk notes / ملاحظات المخاطر
-
```
## Example user prompts
- “Find trending game asset ideas for itch.io this week.”
- “Give me Arabic TikTok content trends for Kuwait restaurants.”
- “Compare what is trending in AI tools across YouTube, Reddit, and X.”
- “Make a 7-day content plan based on today’s gaming trends.”
- “Give me viral hooks for a dark fantasy pixel art asset pack.”
The only Arabic-first OSINT and threat intelligence skill. Monitor Arabic-language threat actor channels on Telegram, generate bilingual threat reports, sear...
---
name: arabic-threat-intel
slug: arabic-threat-intel
display_name: "Arabic Threat Intelligence — استخبارات المصادر المفتوحة"
version: 1.0.0
author: neo-kw
license: MIT
tags:
- osint
- threat-intelligence
- arabic
- cybersecurity
- telegram
- dark-web
- apt
- middle-east
- incident-response
validation:
tested_on: "OpenClaw 2026.3.13"
requires_tools:
- exec
- read
- write
no_api_key_required: true
optional:
- tor (for dark web search)
changelog:
- version: "1.0.0"
date: "2026-03-18"
changes:
- "Initial release"
- "Arabic Telegram channel OSINT monitoring"
- "Bilingual Arabic/English threat report generation"
- "Dark web search via Tor"
- "CT log passive subdomain discovery"
- "Iran-linked APT group tracking"
description: "The only Arabic-first OSINT and threat intelligence skill. Monitor Arabic-language threat actor channels on Telegram, generate bilingual threat reports, search the dark web via Tor, and enumerate subdomains via Certificate Transparency logs. Works for any region — Middle East, Africa, Asia, or global. No API keys required."
argument-hint: "<channel|report|darkweb|scan> [target] [--lang ar|en|both] [--region all|me|africa|asia]"
---
# Arabic Threat Intelligence
The **only Arabic-first** OSINT and threat intelligence skill for OpenClaw. Works globally — not limited to any single country or region.
## Why This Skill
99% of OSINT skills are English-only. Arabic-speaking analysts, security teams, and researchers lack native-language tooling. This skill bridges that gap with full bilingual (Arabic + English) support.
## Commands
### Monitor Telegram Channels
```
Use arabic-threat-intel channel hak994
Use arabic-threat-intel channel anyChannelName --lang both
```
Scrapes public Telegram channels. Returns posts with timestamps, auto-translates Hebrew/Farsi mentions.
### Generate Threat Report
```
Use arabic-threat-intel report "critical infrastructure"
Use arabic-threat-intel report "ransomware" --lang both
```
Monitors tracked threat actor channels and generates a structured bilingual threat brief ready for leadership or SOC teams.
### Dark Web Search
```
Use arabic-threat-intel darkweb "company name data leak"
Use arabic-threat-intel darkweb "اسم الشركة تسريب"
```
Searches dark web indexes via Tor. Accepts Arabic or English queries. Returns .onion links with risk assessment.
### CT Log Subdomain Scan
```
Use arabic-threat-intel scan example.com
Use arabic-threat-intel scan target-domain.org
```
Passive subdomain discovery via Certificate Transparency logs (crt.sh). Flags takeover candidates, dev/test servers, VPN and admin panels.
## Tracked Threat Groups
| Group | Platform | Origin | Targeting |
|-------|----------|--------|-----------|
| Fatimion Cyber Team | Telegram @hak994 | Iran | Infrastructure, Oil & Gas |
| 313 Team | Telegram @xX313XxTeam | Iran | Government sites |
| Fattah Cyber | Telegram @fattah_irili | Iran | Tech, Media |
| Handala Hack | Web | Iran (MOIS) | Financial, Defense |
| Various APT34/MuddyWater | Multiple | Iran | Telecom, Energy |
## Output Options
| Flag | Description |
|------|-------------|
| `--lang ar` | Arabic only (RTL output) |
| `--lang en` | English only |
| `--lang both` | Bilingual report (default) |
| `--region me` | Middle East focus |
| `--region africa` | Africa focus |
| `--region all` | Global (default) |
## Requirements
- **No API keys required** for CT log scanning and Telegram monitoring
- **Optional:** Tor for dark web search (`service tor start`)
- Python 3.10+ (pre-installed with OpenClaw)
## Use Cases
- 🔒 SOC teams monitoring Arabic-language threat actors
- 🕵️ OSINT investigators tracking dark web activity
- 📰 Journalists covering cybersecurity in the Middle East
- 🎓 Security researchers and students learning Arabic OSINT
- 🏢 Enterprise security teams with MENA exposure
- 🌍 Any analyst tracking Iran-linked APT groups globally
## Security & Ethics
This skill performs **passive OSINT only**. All sources are publicly accessible:
- Telegram public channels (t.me/s/)
- Certificate Transparency logs (crt.sh)
- Dark web search engines via Tor (Ahmia, OnionLand)
No active exploitation. No unauthorized scanning.
FILE:CHANGELOG.md
# Changelog — Arabic Threat Intelligence
All notable changes to this skill will be documented here.
## [1.0.0] — 2026-03-18
### Added
- Arabic Telegram channel monitoring (Fatimion @hak994, 313 Team @xX313XxTeam, Fattah Cyber @fattah_irili, Handala Hack)
- Bilingual Arabic/English threat report generation
- Dark web search via Tor (Ahmia, OnionLand, 14+ dark web search engines)
- CT log subdomain discovery via crt.sh (no API key required)
- Gulf region filtering (Kuwait, Saudi Arabia, UAE, Qatar, MENA)
- Language options: Arabic only, English only, or bilingual
- Zero API keys required for core functionality
- Tor integration for anonymous dark web access
FILE:scripts/run.py
#!/usr/bin/env python3
"""
Arabic Threat Intelligence Tool
Monitor Arabic-language threat actor channels, generate bilingual reports,
search dark web via Tor, enumerate subdomains via CT logs.
Usage: python3 run.py <command> [args]
"""
import sys, subprocess, json, re
def scrape_telegram(channel):
try:
p = subprocess.run(["curl","-sL","--max-time","10",f"https://t.me/s/{channel}"],
capture_output=True,text=True,timeout=12)
msgs = re.findall(r'class="tgme_widget_message_text[^>]*>(.*?)</div>',p.stdout,re.DOTALL)
times = re.findall(r'<time[^>]*datetime="([^"]+)"',p.stdout)
out = []
for i,m in enumerate(msgs[-8:]):
clean = re.sub(r'<[^>]+>',' ',m).strip()[:300]
t = times[-(8-i)] if i < len(times) else ''
out.append({"text":clean,"time":t})
return out
except:
return []
def dark_web_search(query):
engines = [
"http://juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd.onion/search/?q={}",
"http://3bbad7fauom4d6sgppalyqddsqbf5u5p56b5k5uk2zxsy3d6ey2jobad.onion/search?q={}",
]
results = []
for engine in engines:
try:
p = subprocess.run(["torsocks","curl","-sL","--max-time","15",engine.format(query)],
capture_output=True,text=True,timeout=20)
links = re.findall(r'href="(http://[a-z0-9]+\.onion[^"]*)"',p.stdout)
titles = re.findall(r'<a[^>]*href="http://[^"]+"[^>]*>([^<]+)',p.stdout)
for i,link in enumerate(links[:5]):
title = titles[i] if i < len(titles) else link
results.append({"title":title.strip()[:80],"link":link})
except:
pass
return results[:10]
def ct_scan(domain):
try:
p = subprocess.run(["curl","-s","--max-time","15",f"https://crt.sh/?q=%25.{domain}&output=json"],
capture_output=True,text=True,timeout=18)
d = json.loads(p.stdout)
names = set()
for c in d:
for n in c.get('name_value','').split('\n'):
n = n.strip()
if n and '*' not in n: names.add(n)
# Flag interesting ones
interesting_keywords = ['admin','api','dev','test','vpn','mail','staging','internal','beta','old']
flagged = [n for n in names if any(k in n.lower() for k in interesting_keywords)]
return {"all":sorted(names),"flagged":flagged}
except:
return {"all":[],"flagged":[]}
DEFAULT_CHANNELS = ['hak994','xX313XxTeam','fattah_irili','elamharbi']
args = sys.argv[1:]
cmd = args[0] if args else 'help'
lang = next((args[i+1] for i,a in enumerate(args) if a=='--lang' and i+1<len(args)),'both')
if cmd == 'channel':
ch = args[1] if len(args)>1 and not args[1].startswith('-') else 'hak994'
posts = scrape_telegram(ch)
print(f"\n📡 @{ch} — {len(posts)} recent posts\n{'─'*50}")
for p in posts:
print(f"[{p['time'][:16]}]\n{p['text'][:200]}\n")
elif cmd == 'report':
topic = ' '.join([a for a in args[1:] if not a.startswith('-')]) or 'threat intelligence'
print(f"\n{'═'*50}\n🔍 THREAT INTELLIGENCE REPORT\nTopic: {topic}\n{'═'*50}")
for ch in DEFAULT_CHANNELS:
posts = scrape_telegram(ch)
if posts:
print(f"\n📡 @{ch} ({len(posts)} posts):")
for p in posts[:3]:
print(f" • {p['text'][:100]}")
print(f"\n{'─'*50}\nReport generated. Review and verify before sharing.")
elif cmd == 'darkweb':
query = ' '.join([a for a in args[1:] if not a.startswith('-')]) or 'data leak'
print(f"\n🕵️ Dark Web Search: {query}")
print("(Searching via Tor — may take 30-60 seconds...)")
results = dark_web_search(query)
if results:
print(f"\nFound {len(results)} results:")
for r in results:
print(f" • {r['title']}\n {r['link']}")
else:
print("No results found or Tor unavailable.")
elif cmd == 'scan':
domain = args[1] if len(args)>1 else 'example.com'
print(f"\n🔬 CT Log Scan: {domain}")
result = ct_scan(domain)
all_subs = result['all']
flagged = result['flagged']
print(f"Total subdomains: {len(all_subs)}")
if flagged:
print(f"\n⚠️ Interesting ({len(flagged)}):")
for s in flagged[:20]: print(f" 🎯 {s}")
print(f"\nAll subdomains ({min(len(all_subs),30)} shown):")
for s in sorted(all_subs)[:30]: print(f" {s}")
else:
print("""
Arabic Threat Intelligence Tool — OSINT for Arabic threat actors
Commands:
channel <name> Monitor a Telegram channel
report <topic> Generate threat report from all channels
darkweb <query> Search dark web via Tor
scan <domain> CT log subdomain discovery
Options:
--lang ar|en|both Output language (default: both)
--region me|africa|asia|all Target region (default: all)
Examples:
python3 run.py channel hak994
python3 run.py report "ransomware campaign"
python3 run.py darkweb "company data leak"
python3 run.py scan target-company.com
""")