{"name":"TeleSint","description":"Real-time Telegram threat intelligence API. Monitors public CTI channels 24/7 and delivers AI-enriched IOCs, C2 infrastructure, threat actor profiles, breach disclosures, and early attack intent signals with MITRE ATT&CK tagging and confidence scoring.","url":"https://telesint-api.onrender.com","version":"1.0.0","documentationUrl":"https://telesint-api.onrender.com/SKILL.md","payment":{"protocol":"x402","network":"eip155:8453","asset":"USDC"},"a2aEndpoint":"https://telesint-api.onrender.com/a2a","skills":[{"id":"ioc-lookup","name":"IOC Lookup","description":"Query Indicators of Compromise by type (ip, domain, url, hash, cve), severity, confidence, TLP, and time range. Returns defanged indicators with MITRE ATT&CK context. Input: query params. Output: paginated JSON array.","inputModes":["application/json"],"outputModes":["application/json"],"price":"$0.01 USDC","price_usd":0.01,"path":"/ioc"},{"id":"c2-infrastructure","name":"C2 Infrastructure","description":"Query Command-and-Control infrastructure by framework (cobalt_strike, sliver, havoc, brute_ratel). Returns panels, listeners, beacons with MITRE C2 technique tags. Input: query params. Output: paginated JSON array.","inputModes":["application/json"],"outputModes":["application/json"],"price":"$0.02 USDC","price_usd":0.02,"path":"/c2"},{"id":"threat-actor-profiles","name":"Threat Actor Profiles","description":"Query threat actor profiles by name, nation-state attribution, motivation, and MITRE technique. Returns actor aliases, TTPs, targets, and country of origin. Input: query params. Output: paginated JSON array.","inputModes":["application/json"],"outputModes":["application/json"],"price":"$0.02 USDC","price_usd":0.02,"path":"/actor"},{"id":"breach-disclosures","name":"Breach Disclosures","description":"Query breach announcements and data leak disclosures from Telegram by sector, country, or organization. Returns breach target details, data types exposed, and source channel. Input: query params. Output: paginated JSON array.","inputModes":["application/json"],"outputModes":["application/json"],"price":"$0.03 USDC","price_usd":0.03,"path":"/breach"},{"id":"attack-intent-signals","name":"Attack Intent Signals","description":"Query pre-attack signals: initial access sales, 0day disclosures, ransomware group targeting announcements. These signals appear BEFORE attacks land. Filter by sector, country, or intent type. Input: query params. Output: paginated JSON array.","inputModes":["application/json"],"outputModes":["application/json"],"price":"$0.05 USDC","price_usd":0.05,"path":"/intent"},{"id":"threat-intel-feed","name":"Full Threat Intel Feed","description":"Unified paginated feed across all intelligence categories. Filter by category, severity, confidence, TLP, tag, or time range. Ideal for SIEM ingestion and agents that process all intel types. Input: query params. Output: paginated JSON array.","inputModes":["application/json"],"outputModes":["application/json"],"price":"$0.05 USDC","price_usd":0.05,"path":"/feed"},{"id":"vulnerability-intel","name":"Vulnerability Intelligence","description":"CVEs and exploitation-in-the-wild signals from Telegram CTI channels. Filter by severity, min_confidence, since, tag, ttp. Returns CVE IDs, affected products, MITRE techniques, and exploit availability. Input: query params. Output: paginated JSON array.","inputModes":["application/json"],"outputModes":["application/json"],"price":"$0.03 USDC","price_usd":0.03,"path":"/vulnerability"},{"id":"cross-category-search","name":"Cross-Category Search","description":"Keyword pivot across all intel categories in one call. Use ?q= for broad keyword search or combine any filter params (category, sector, country, tag, ttp, severity). Ideal for ad-hoc threat pivoting. Input: query params. Output: paginated JSON array.","inputModes":["application/json"],"outputModes":["application/json"],"price":"$0.04 USDC","price_usd":0.04,"path":"/search"},{"id":"ransomware-intel","name":"Ransomware Intelligence","description":"Ransomware group victim posts, leak site announcements, extortion demands, and group activity (LockBit, BlackCat, Cl0p, RansomHub, Play, Akira, etc.). Filter by severity, sector, country, tag. Input: query params. Output: paginated JSON array.","inputModes":["application/json"],"outputModes":["application/json"],"price":"$0.04 USDC","price_usd":0.04,"path":"/ransomware"},{"id":"malware-intel","name":"Malware Intelligence","description":"Malware family analysis: new sample drops, behavior descriptions, packer/loader details, malware-as-a-service offerings. Covers stealers, RATs, loaders, backdoors. Filter by tag, severity, since. Input: query params. Output: paginated JSON array.","inputModes":["application/json"],"outputModes":["application/json"],"price":"$0.02 USDC","price_usd":0.02,"path":"/malware"},{"id":"darkweb-intel","name":"Dark Web Intelligence","description":"Dark web marketplace listings, underground forum chatter, access broker posts, credential shops, Tor site activity. Filter by sector, country, organization, tag. Input: query params. Output: paginated JSON array.","inputModes":["application/json"],"outputModes":["application/json"],"price":"$0.03 USDC","price_usd":0.03,"path":"/darkweb"}]}