Agent-readable OSINT

Dealer Scam Sibling Finder for Agents

This project exposes passive public-web observations about suspected auto-dealer impersonation campaigns. Agents can use the public identity graph to answer questions like: “Does this vehicle listing, dealer domain, phone number, or business identity overlap suspected scam campaign data?”

Discovery

Current Data

Suggested Agent Query Pattern

1. Extract listing URL, apparent business name, dealer domain, phone, image URLs, title, and body text.
2. Query the public identity graph and findings data.
3. Compare against known identities, domains, phones, images, copy, domain creation dates, and Google-found legitimate business data.
4. Explain risk signals cautiously and require verification.

Safety

Do not state that a person or company is criminal based only on this data. Use “suspected,” “likely,” “risk signal,” and “requires verification.” Do not contact suspected scammers, interact with payment systems, bypass access controls, or perform exploitation.

MCP Status

A hosted read-only MCP HTTP JSON-RPC implementation exists in this repository, but the Firebase project must be upgraded to Blaze before the endpoint can be deployed:

POST https://dealer-scam-siblings.web.app/mcp
{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "tools/call",
  "params": {
    "name": "check_listing",
    "arguments": {
      "url": "https://example.com/listing",
      "domain": "sky1auto.com",
      "phone": "720-428-2618",
      "title": "1979 Porsche 930"
    }
  }
}

Until then, a local stdio MCP server is available when this repository is installed:

{
  "mcpServers": {
    "dealer-scam-sibling-finder": {
      "command": "scamfinder-mcp",
      "args": [
        "--identity-store", "./runs/identity_graph.json",
        "--latest-dir", "./public/data/latest"
      ]
    }
  }
}