MCPcopy Index your code
hub / github.com/JacobJandon/OnionClaw

github.com/JacobJandon/OnionClaw @v2.3.0

Chat with this repo
repository ↗ · DeepWiki ↗ · release v2.3.0 ↗ · + Follow
137 symbols 477 edges 12 files 70 documented · 51%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

OnionClaw 🧅

License: Apache 2.0 CI OpenClaw Skill

by JacobJandon

OnionClaw logo

OpenClaw skill + standalone tool — full Tor / dark web access for AI agents

OnionClaw gives AI agents full access to the Tor network and .onion hidden services. It runs as an OpenClaw skill (drop-in, zero config beyond a .env file) and also works standalone from any terminal.

Based on the SICRY engine — 18 dark web search engines, Robin OSINT pipeline, four LLM analysis modes.

# As an OpenClaw skill:
cp -r OnionClaw ~/.openclaw/skills/onionclaw
# → agent now has 7 dark web commands available in every session

# Standalone:
python3 check_tor.py        # verify Tor
python3 search.py --query "ransomware healthcare"
python3 pipeline.py --query "acme.com data leak" --mode corporate

⚠️ The Rabbit Hole

Autonomous agents paired with the Tor network will be one of the most dangerous automation stacks on the internet within the next five years. OnionClaw is living proof that the rabbit hole goes deeper than most people think.

This tool is built for legitimate OSINT, threat intelligence, and security research. But the same primitives — anonymous routing, bulk scraping, AI-driven synthesis, zero-attribution browsing, automated identity rotation — are precisely what make this combination genuinely dangerous in the wrong hands.

This is not a warning tucked in fine print. It is the whole point of writing it down openly.

What the stack enables — the full map

Use case What it looks like
Dark-web crawling Automated, headless spidering of .onion services at scale — forums, paste sites, markets, leak boards — with full identity rotation between every request. No human ever touches a keyboard.
Threat intelligence Continuous monitoring of ransomware group blogs, initial access broker ads, CVE exploit drops, and actor chatter long before it surfaces on clearnet feeds.
Marketplace monitoring Price tracking, stock alerts, vendor reputation scraping, and availability checks across darknet markets — the same logic a researcher uses to track fentanyl price trends is the same logic a supplier uses to undercut competitors.
Credential surveillance Watching paste boards, breach dumps, and forum leaks for specific email domains, API keys, SSH keys, or internal hostnames the moment they appear — at a scale no human analyst can match.
Deanonymisation research Cross-correlating .onion service metadata with clearnet traces, timing attacks, correlation of writing style and PGP keys — used both by law enforcement hunting criminals and by threat actors hunting journalists and dissidents.
Criminal automation Autonomous agents placing orders, posting ads, messaging vendors, managing mule accounts, draining wallets — an entire criminal operation running without a human ever in the loop.
Disinformation infrastructure Coordinated persona networks on hidden boards, fabricated document drops timed to bleed into legitimate OSINT pipelines, synthetic intelligence that reads real but originates from nowhere.
Zero-day brokerage Automated monitoring of exploit vendor channels, private CVE auction boards, and vulnerability markets — buy-side and sell-side intelligence gathered faster than any human analyst.

The ugly side

The 2026 internet is already at the edge of this. Within five years, AI agents that can:

  1. Browse anonymously through rotating Tor circuits with no persistent identity
  2. Understand context well enough to navigate dark web UIs, CAPTCHA logic, and forum culture without hardcoded selectors
  3. Act autonomously — search, buy, post, exfiltrate, rotate — in closed loops with no human confirmation step
  4. Self-orchestrate across dozens of simultaneous Tor identities on parallel threads

…represent a qualitative shift from human criminals using tools to autonomous criminal infrastructure operating at machine speed with no human in the loop. The bottleneck has always been human attention. Remove it and the scaling properties of dark web operations change completely.

OnionClaw demonstrates all four of those primitives working together today. The full pipeline.py step — query refinement → multi-engine search → result filtering → batch scrape → LLM synthesis → identity rotation — is a complete autonomous dark web intelligence loop. Remove the OSINT framing and it is equally a complete autonomous dark web operation loop. The code is the same either way.

Why this is written explicitly

Security tools that pretend the dual-use problem does not exist are more dangerous than ones that name it directly. If you are building on top of OnionClaw:

  • Know what you are building. The pipeline does not know if the query is "acme.com credential leak" for a pentest or "rival vendor SSH keys" for espionage.
  • Know your jurisdiction. Automated access to dark web content and .onion services may be illegal in your country regardless of intent or findings.
  • Tor is not legal protection. It is operational security. The two are different things with very different limits.
  • AI + Tor + autonomy is not a theoretical threat. It is a present capability. This repo is one of many signals that the tooling is ready.

OnionClaw is published for defensive research, red-team engagements, and threat intelligence work. The code does not know the difference between those uses and their inverse. You do. Build accordingly.


Contents

  1. ⚠️ The Rabbit Hole
  2. What OnionClaw does
  3. Requirements
  4. Install as OpenClaw skill
  5. Standalone install
  6. Configuration
  7. All seven commands
  8. Investigation flows
  9. Analysis modes
  10. Architecture
  11. Troubleshooting
  12. Credits

What OnionClaw does

Seven commands expose the complete Tor OSINT toolkit:

Command What it does
check_tor.py Verify Tor is active, show current exit IP
renew.py Rotate Tor circuit — new exit node, new identity
check_engines.py Ping all 18 dark web search engines, show latency
search.py Search up to 18 engines simultaneously, deduplicated results
fetch.py Fetch any .onion or clearnet URL through Tor
ask.py LLM OSINT analysis of scraped content (4 modes)
pipeline.py Full Robin pipeline: refine → search → filter → scrape → analyse

Requirements

  • Python 3.10+
  • Tor running locally (SOCKS proxy on 127.0.0.1:9050)
  • pip packages: requests[socks] beautifulsoup4 python-dotenv stem
  • LLM key (optional — only needed for ask.py and pipeline.py analysis step)

Install Tor

Linux (Debian/Ubuntu):

apt install tor && tor &

macOS:

brew install tor && tor &

With control port (needed for renew.py):

cat > /tmp/onionclaw_tor.conf << 'EOF'
SocksPort 9050
ControlPort 9051
CookieAuthentication 1
DataDirectory /tmp/tor_data
EOF
tor -f /tmp/onionclaw_tor.conf &

Then set TOR_DATA_DIR=/tmp/tor_data in .env.

Install Python packages

pip install requests[socks] beautifulsoup4 python-dotenv stem

Install as OpenClaw skill

  1. Clone or copy this repo into your OpenClaw skills directory:
# Option A — clone directly
git clone https://github.com/JacobJandon/OnionClaw ~/.openclaw/skills/onionclaw

# Option B — copy local folder
cp -r OnionClaw ~/.openclaw/skills/onionclaw
  1. Configure .env in the skill folder:
cp ~/.openclaw/skills/onionclaw/.env.example ~/.openclaw/skills/onionclaw/.env
nano ~/.openclaw/skills/onionclaw/.env   # add LLM key if desired
  1. Start a new OpenClaw session — the skill loads automatically on startup. OpenClaw includes onionclaw in the agent context whenever the user asks about dark web topics.

Verify OpenClaw can see the skill:

openclaw skills list
# → onionclaw  🧅  Search the Tor dark web...

OpenClaw trigger phrases: - "search the dark web for …" - "investigate this .onion site …" - "check if my data appeared on the dark web" - "find ransomware leaks related to …" - "fetch this .onion URL …" - "run a Tor OSINT investigation on …"

After install, start a new session — existing sessions will not pick up the new skill.


Standalone install

No OpenClaw required. Every script runs directly from a terminal:

git clone https://github.com/JacobJandon/OnionClaw
cd OnionClaw
pip install requests[socks] beautifulsoup4 python-dotenv stem
cp .env.example .env
# Edit .env — add LLM key if desired (optional for most commands)

Configuration

Copy .env.example to .env and fill in what you need:

# ── Tor ────────────────────────────────────────────────────────────────
TOR_SOCKS_HOST=127.0.0.1
TOR_SOCKS_PORT=9050
TOR_CONTROL_HOST=127.0.0.1
TOR_CONTROL_PORT=9051
# TOR_CONTROL_PASSWORD=your_password   # only if HashedControlPassword in torrc
# TOR_DATA_DIR=/tmp/tor_data           # DataDirectory path for cookie auth

# ── LLM (needed only for ask.py and pipeline.py analysis step) ──────────
LLM_PROVIDER=openai          # openai | anthropic | gemini | ollama | llamacpp
OPENAI_API_KEY=sk-...
# ANTHROPIC_API_KEY=sk-ant-...
# GEMINI_API_KEY=AIza...
# OLLAMA_MODEL=llama3.2       # local model — no API key needed

No LLM key? Set LLM_PROVIDER=ollama with a running Ollama instance for fully local inference. search.py, fetch.py, check_tor.py, renew.py, and check_engines.py work with no LLM key at all.


All seven commands

check_tor.py — verify Tor

python3 check_tor.py
✓ Tor active
  Exit IP  : 185.220.101.20
  Error    : None
{"tor_active": true, "exit_ip": "185.220.101.20", "error": null}

Run this before anything else. Exits with code 1 if Tor is not running or not accessible on port 9050.


renew.py — rotate identity

python3 renew.py
Rotating Tor circuit...
✓ Identity renewed — new Tor circuit established
{"success": true, "error": null}

Auth order: password env var → cookie from TOR_DATA_DIR → common system paths → null auth. Works out of the box with the recommended torrc above or with a standard system Tor install.


check_engines.py — engine health check

# Live ping (15–30 s)
python3 check_engines.py

# --cached N: reuse last result if less than N minutes old (skips the slow ping)
python3 check_engines.py --cached 10

# JSON output only
python3 check_engines.py --json

# Show version
python3 check_engines.py --version
ALIVE  9/12
──────────────────────────────────────────
  ✓  Ahmia-clearnet       670ms  ███
  ✓  Tor66                749ms  ███
  ✓  Ahmia               1139ms  █████
  ✓  OSS                 1203ms  ██████
  ...
DOWN   3/12
  ✗  Kaizer     timeout
  ✗  Anima      timeout
  ✗  FindTor    timeout

Run before a large search session. Use the alive engine names as arguments to --engines in search.py.


search.py — search dark web

# All 18 engines (default)
python3 search.py --query "ransomware healthcare leak"

# Specific engines (faster — use alive engines from check_engines output)
python3 search.py \
  --query "credential dump" \
  --engines Ahmia Tor66 Ahmia-clearnet OSS

# Limit result count
python3 search.py --query "bitcoin mixer" --max 30

Returns a deduplicated {title, url, engine} list across all engines.

Tip: Use short keyword queries (3–5 words). Dark web search indexes respond much better to keywords than natural-language sentences.


fetch.py — fetch any .onion page

# Hidden service
python3 fetch.py \
  --url "http://juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd.onion"

# With links extracted
python3 fetch.py --url "http://example.onion/page" --links

# JSON output only
python3 fetch.py --url "http://example.onion" --json

Returns: title, text content (up to 8000 chars), extracted links, HTTP status code. A status of 0 means the hidden service is unreachable or offline.


ask.py — LLM OSINT analysis

# Inline content
python3 ask.py \
  --query "LockBit ransomware" \
  --mode ransomware \
  --content "page text from scraped pages"

# From file
python3 ask.py \
  --query "acme.com" \
  --mode corporate \
  --file /tmp/scraped_pages.txt

# Pipe from fetch.py
python3 fetch.py --url "http://some.onion" --json | \
  python3 -c "import sys,json; print(json.load(sys.stdin)['text'])" | \
  python3 ask.py --query "investigate" --mode threat_intel

# Custom analysis focus
python3 ask.py \
  --query "mixer services" \
  --mode threat_intel \
  --content "..." \
  --custom "Focus on cryptocurrency wallet addresses only"

Modes: threat_intel · ransomware · personal_identity · corporate — see Analysis modes.


pipeline.py — full investigation (one command)

Runs the complete Robin OSINT pipeline automatically:

Step What happens
1 Verify Tor is active
2 Check which engines are alive
3 Refine query to ≤5 keywords (LLM)
4 Search all alive engines
5 Filter top 20 most relevant resu

Core symbols most depended-on inside this repo

_p
called by 98
setup.py
_conn
called by 31
sicry.py
_db
called by 23
sicry.py
_step
called by 9
pipeline.py
_save_checkpoint
called by 6
pipeline.py
_ckpt
called by 6
pipeline.py
_yes
called by 6
setup.py
search
called by 5
sicry.py

Shape

Function 106
Method 28
Class 3

Languages

Python100%

Modules by API surface

sicry.py104 symbols
setup.py14 symbols
examples_langchain.py6 symbols
pipeline.py5 symbols
sync_sicry.py4 symbols
examples_crewai.py4 symbols

For agents

$ claude mcp add OnionClaw \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact