by JacobJandon

OpenClaw skill + standalone tool — full Tor / dark web access for AI agents
OnionClaw gives AI agents full access to the Tor network and .onion hidden services. It runs as an OpenClaw skill (drop-in, zero config beyond a .env file) and also works standalone from any terminal.
Based on the SICRY engine — 18 dark web search engines, Robin OSINT pipeline, four LLM analysis modes.
# As an OpenClaw skill:
cp -r OnionClaw ~/.openclaw/skills/onionclaw
# → agent now has 7 dark web commands available in every session
# Standalone:
python3 check_tor.py # verify Tor
python3 search.py --query "ransomware healthcare"
python3 pipeline.py --query "acme.com data leak" --mode corporate
Autonomous agents paired with the Tor network will be one of the most dangerous automation stacks on the internet within the next five years. OnionClaw is living proof that the rabbit hole goes deeper than most people think.
This tool is built for legitimate OSINT, threat intelligence, and security research. But the same primitives — anonymous routing, bulk scraping, AI-driven synthesis, zero-attribution browsing, automated identity rotation — are precisely what make this combination genuinely dangerous in the wrong hands.
This is not a warning tucked in fine print. It is the whole point of writing it down openly.
| Use case | What it looks like |
|---|---|
| Dark-web crawling | Automated, headless spidering of .onion services at scale — forums, paste sites, markets, leak boards — with full identity rotation between every request. No human ever touches a keyboard. |
| Threat intelligence | Continuous monitoring of ransomware group blogs, initial access broker ads, CVE exploit drops, and actor chatter long before it surfaces on clearnet feeds. |
| Marketplace monitoring | Price tracking, stock alerts, vendor reputation scraping, and availability checks across darknet markets — the same logic a researcher uses to track fentanyl price trends is the same logic a supplier uses to undercut competitors. |
| Credential surveillance | Watching paste boards, breach dumps, and forum leaks for specific email domains, API keys, SSH keys, or internal hostnames the moment they appear — at a scale no human analyst can match. |
| Deanonymisation research | Cross-correlating .onion service metadata with clearnet traces, timing attacks, correlation of writing style and PGP keys — used both by law enforcement hunting criminals and by threat actors hunting journalists and dissidents. |
| Criminal automation | Autonomous agents placing orders, posting ads, messaging vendors, managing mule accounts, draining wallets — an entire criminal operation running without a human ever in the loop. |
| Disinformation infrastructure | Coordinated persona networks on hidden boards, fabricated document drops timed to bleed into legitimate OSINT pipelines, synthetic intelligence that reads real but originates from nowhere. |
| Zero-day brokerage | Automated monitoring of exploit vendor channels, private CVE auction boards, and vulnerability markets — buy-side and sell-side intelligence gathered faster than any human analyst. |
The 2026 internet is already at the edge of this. Within five years, AI agents that can:
…represent a qualitative shift from human criminals using tools to autonomous criminal infrastructure operating at machine speed with no human in the loop. The bottleneck has always been human attention. Remove it and the scaling properties of dark web operations change completely.
OnionClaw demonstrates all four of those primitives working together today. The full pipeline.py step — query refinement → multi-engine search → result filtering → batch scrape → LLM synthesis → identity rotation — is a complete autonomous dark web intelligence loop. Remove the OSINT framing and it is equally a complete autonomous dark web operation loop. The code is the same either way.
Security tools that pretend the dual-use problem does not exist are more dangerous than ones that name it directly. If you are building on top of OnionClaw:
"acme.com credential leak" for a pentest or "rival vendor SSH keys" for espionage..onion services may be illegal in your country regardless of intent or findings.OnionClaw is published for defensive research, red-team engagements, and threat intelligence work. The code does not know the difference between those uses and their inverse. You do. Build accordingly.
Seven commands expose the complete Tor OSINT toolkit:
| Command | What it does |
|---|---|
check_tor.py |
Verify Tor is active, show current exit IP |
renew.py |
Rotate Tor circuit — new exit node, new identity |
check_engines.py |
Ping all 18 dark web search engines, show latency |
search.py |
Search up to 18 engines simultaneously, deduplicated results |
fetch.py |
Fetch any .onion or clearnet URL through Tor |
ask.py |
LLM OSINT analysis of scraped content (4 modes) |
pipeline.py |
Full Robin pipeline: refine → search → filter → scrape → analyse |
127.0.0.1:9050)requests[socks] beautifulsoup4 python-dotenv stemask.py and pipeline.py analysis step)Linux (Debian/Ubuntu):
apt install tor && tor &
macOS:
brew install tor && tor &
With control port (needed for renew.py):
cat > /tmp/onionclaw_tor.conf << 'EOF'
SocksPort 9050
ControlPort 9051
CookieAuthentication 1
DataDirectory /tmp/tor_data
EOF
tor -f /tmp/onionclaw_tor.conf &
Then set TOR_DATA_DIR=/tmp/tor_data in .env.
pip install requests[socks] beautifulsoup4 python-dotenv stem
# Option A — clone directly
git clone https://github.com/JacobJandon/OnionClaw ~/.openclaw/skills/onionclaw
# Option B — copy local folder
cp -r OnionClaw ~/.openclaw/skills/onionclaw
.env in the skill folder:cp ~/.openclaw/skills/onionclaw/.env.example ~/.openclaw/skills/onionclaw/.env
nano ~/.openclaw/skills/onionclaw/.env # add LLM key if desired
onionclaw in the agent context whenever the user asks about dark web topics.Verify OpenClaw can see the skill:
openclaw skills list
# → onionclaw 🧅 Search the Tor dark web...
OpenClaw trigger phrases: - "search the dark web for …" - "investigate this .onion site …" - "check if my data appeared on the dark web" - "find ransomware leaks related to …" - "fetch this .onion URL …" - "run a Tor OSINT investigation on …"
After install, start a new session — existing sessions will not pick up the new skill.
No OpenClaw required. Every script runs directly from a terminal:
git clone https://github.com/JacobJandon/OnionClaw
cd OnionClaw
pip install requests[socks] beautifulsoup4 python-dotenv stem
cp .env.example .env
# Edit .env — add LLM key if desired (optional for most commands)
Copy .env.example to .env and fill in what you need:
# ── Tor ────────────────────────────────────────────────────────────────
TOR_SOCKS_HOST=127.0.0.1
TOR_SOCKS_PORT=9050
TOR_CONTROL_HOST=127.0.0.1
TOR_CONTROL_PORT=9051
# TOR_CONTROL_PASSWORD=your_password # only if HashedControlPassword in torrc
# TOR_DATA_DIR=/tmp/tor_data # DataDirectory path for cookie auth
# ── LLM (needed only for ask.py and pipeline.py analysis step) ──────────
LLM_PROVIDER=openai # openai | anthropic | gemini | ollama | llamacpp
OPENAI_API_KEY=sk-...
# ANTHROPIC_API_KEY=sk-ant-...
# GEMINI_API_KEY=AIza...
# OLLAMA_MODEL=llama3.2 # local model — no API key needed
No LLM key? Set
LLM_PROVIDER=ollamawith a running Ollama instance for fully local inference.search.py,fetch.py,check_tor.py,renew.py, andcheck_engines.pywork with no LLM key at all.
check_tor.py — verify Torpython3 check_tor.py
✓ Tor active
Exit IP : 185.220.101.20
Error : None
{"tor_active": true, "exit_ip": "185.220.101.20", "error": null}
Run this before anything else. Exits with code 1 if Tor is not running or not accessible on port 9050.
renew.py — rotate identitypython3 renew.py
Rotating Tor circuit...
✓ Identity renewed — new Tor circuit established
{"success": true, "error": null}
Auth order: password env var → cookie from TOR_DATA_DIR → common system paths → null auth. Works out of the box with the recommended torrc above or with a standard system Tor install.
check_engines.py — engine health check# Live ping (15–30 s)
python3 check_engines.py
# --cached N: reuse last result if less than N minutes old (skips the slow ping)
python3 check_engines.py --cached 10
# JSON output only
python3 check_engines.py --json
# Show version
python3 check_engines.py --version
ALIVE 9/12
──────────────────────────────────────────
✓ Ahmia-clearnet 670ms ███
✓ Tor66 749ms ███
✓ Ahmia 1139ms █████
✓ OSS 1203ms ██████
...
DOWN 3/12
✗ Kaizer timeout
✗ Anima timeout
✗ FindTor timeout
Run before a large search session. Use the alive engine names as arguments to --engines in search.py.
search.py — search dark web# All 18 engines (default)
python3 search.py --query "ransomware healthcare leak"
# Specific engines (faster — use alive engines from check_engines output)
python3 search.py \
--query "credential dump" \
--engines Ahmia Tor66 Ahmia-clearnet OSS
# Limit result count
python3 search.py --query "bitcoin mixer" --max 30
Returns a deduplicated {title, url, engine} list across all engines.
Tip: Use short keyword queries (3–5 words). Dark web search indexes respond much better to keywords than natural-language sentences.
fetch.py — fetch any .onion page# Hidden service
python3 fetch.py \
--url "http://juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd.onion"
# With links extracted
python3 fetch.py --url "http://example.onion/page" --links
# JSON output only
python3 fetch.py --url "http://example.onion" --json
Returns: title, text content (up to 8000 chars), extracted links, HTTP status code. A status of 0 means the hidden service is unreachable or offline.
ask.py — LLM OSINT analysis# Inline content
python3 ask.py \
--query "LockBit ransomware" \
--mode ransomware \
--content "page text from scraped pages"
# From file
python3 ask.py \
--query "acme.com" \
--mode corporate \
--file /tmp/scraped_pages.txt
# Pipe from fetch.py
python3 fetch.py --url "http://some.onion" --json | \
python3 -c "import sys,json; print(json.load(sys.stdin)['text'])" | \
python3 ask.py --query "investigate" --mode threat_intel
# Custom analysis focus
python3 ask.py \
--query "mixer services" \
--mode threat_intel \
--content "..." \
--custom "Focus on cryptocurrency wallet addresses only"
Modes: threat_intel · ransomware · personal_identity · corporate — see Analysis modes.
pipeline.py — full investigation (one command)Runs the complete Robin OSINT pipeline automatically:
| Step | What happens |
|---|---|
| 1 | Verify Tor is active |
| 2 | Check which engines are alive |
| 3 | Refine query to ≤5 keywords (LLM) |
| 4 | Search all alive engines |
| 5 | Filter top 20 most relevant resu |
$ claude mcp add OnionClaw \
-- python -m otcore.mcp_server <graph>