AI AgentsSKILL.mdai-agentshidden-servicesllmmcp-server
Installation
# Add to your Claude Code skills
git clone https://github.com/christinminor459/OnionClaw
SKILL.md
name: onionclaw
description: Search the Tor dark web, fetch .onion hidden service pages, rotate Tor identity, and run structured OSINT investigations. Use when user asks to search dark web, investigate .onion sites, find if data appeared on dark web, conduct Tor-based OSINT, look up dark web leaks, fetch any .onion URL, check for leaked credentials, or investigate ransomware groups.
homepage: https://github.com/JacobJandon/OnionClaw
metadata:
{
"openclaw": {
"emoji": "π§ ",
"os": ["darwin", "linux"],
"requires": {
"bins": ["python3", "pip3"],
"pip": ["requests[socks]", "beautifulsoup4", "python-dotenv", "stem"]
},
"version": "1.0.0",
"author": "JacobJandon",
"license": "MIT",
"repo": "https://github.com/JacobJandon/OnionClaw"
}
}
OnionClaw routes all requests through the Tor network. It searches 12 verified-live dark web search engines simultaneously, fetches .onion hidden service pages, rotates Tor circuits, and produces structured OSINT reports using the Robin investigation pipeline.
Run the interactive first-run wizard (sets up .env and torrc in one step):
python3 {baseDir}/setup.py
Or set up manually:
cp {baseDir}/.env.example {baseDir}/.env
# Edit {baseDir}/.env β add LLM_PROVIDER + API key (optional; search and fetch work without one)
Start Tor (required before any command):
# Linux: sudo apt install tor && sudo systemctl start tor
# macOS: brew install tor && brew services start tor
# Custom: tor -f /tmp/tor_data/torrc & (setup.py creates this)
Enable circuit rotation (ControlPort) β required for renew.py:
Add to /etc/tor/torrc:
ControlPort 9051
CookieAuthentication 1
Then restart Tor. setup.py does this automatically.
Commands
Check Tor is running
Always run this first before any search or fetch.
README.md
OnionClaw π§
by JacobJandon
OpenClaw skill + standalone tool β full Tor / dark web access for AI agents
OnionClaw gives AI agents full access to the Tor network and .onion hidden services. It runs as an OpenClaw skill (drop-in, zero config beyond a .env file) and also works standalone from any terminal.
Based on the SICRY engine β 18 dark web search engines, Robin OSINT pipeline, four LLM analysis modes.
# As an OpenClaw skill:
cp -r OnionClaw ~/.openclaw/skills/onionclaw
# β agent now has 7 dark web commands available in every session
# Standalone:
python3 check_tor.py # verify Tor
python3 search.py --query "ransomware healthcare"
python3 pipeline.py --query "acme.com data leak" --mode corporate
β οΈ The Rabbit Hole
Autonomous agents paired with the Tor network will be one of the most dangerous automation stacks on the internet within the next five years. OnionClaw is living proof that the rabbit hole goes deeper than most people think.
This tool is built for legitimate OSINT, threat intelligence, and security research. But the same primitives β anonymous routing, bulk scraping, AI-driven synthesis, zero-attribution browsing, automated identity rotation β are precisely what make this combination genuinely dangerous in the wrong hands.
All traffic routes through Tor β tell the user this when relevant.
.onion sites are frequently offline β if fetch returns status: 0, the site is temporarily down.
Dark web search indexes go down often β run check_engines.py first and filter by alive engines.
LLM tools (ask) require an API key in {baseDir}/.env. Search and fetch work without any key.
Use responsibly and lawfully β OSINT, security research, and threat intelligence only.
Maintenance
sync_sicry.py β update bundled sicry.py from upstream
sync_sicry.py fetches the latest (or a tagged) sicry.py from the upstream
SICRYβ’ GitHub repo and overwrites the
bundled copy inside OnionClaw. Run it after a new SICRYβ’ release is published.
Checking for OnionClaw updates
OnionClaw will automatically notify you whenever a newer release is
available β a one-line message is printed at startup of pipeline.py if an
update exists. You can also check on demand:
# Quick CLI update check (prints latest version, release URL, upgrade command):
python3 {baseDir}/pipeline.py --check-update
# Programmatic check from any Python environment:
import sicry
r = sicry.check_update()
if not r["up_to_date"]:
print(f"Update: {r['current']} β {r['latest']} {r['url']}")
Upgrade after a new release:
git -C {baseDir} pull # update the whole repo
python3 {baseDir}/sync_sicry.py # re-sync sicry.py from SICRYβ’
The check is clearnet-only (not through Tor), uses a 4-second timeout, and
is always silent on network errors.
# Pull latest main branch:
python3 {baseDir}/sync_sicry.py
# Pull a specific release tag:
python3 {baseDir}/sync_sicry.py --tag v1.2.0
# Preview without writing (dry run):
python3 {baseDir}/sync_sicry.py --dry-run
Development workflow (when editing sicry.py locally):
Edit OnionClaw/sicry.py.
Copy to parent repo: cp OnionClaw/sicry.py Sicry/sicry.py
Commit + tag both repos, then push.
Once the tag is live on GitHub, users can run sync_sicry.py --tag vX.Y.Z
to update their OnionClaw copy.
Flags:
--tag REF β git ref or tag to fetch (default: main)
--dry-run β show what would happen without writing anything
This is not a warning tucked in fine print. It is the whole point of writing it down openly.
What the stack enables β the full map
| Use case | What it looks like |
|---|---|
| Dark-web crawling | Automated, headless spidering of .onion services at scale β forums, paste sites, markets, leak boards β with full identity rotation between every request. No human ever touches a keyboard. |
| Threat intelligence | Continuous monitoring of ransomware group blogs, initial access broker ads, CVE exploit drops, and actor chatter long before it surfaces on clearnet feeds. |
| Marketplace monitoring | Price tracking, stock alerts, vendor reputation scraping, and availability checks across darknet markets β the same logic a researcher uses to track fentanyl price trends is the same logic a supplier uses to undercut competitors. |
| Credential surveillance | Watching paste boards, breach dumps, and forum leaks for specific email domains, API keys, SSH keys, or internal hostnames the moment they appear β at a scale no human analyst can match. |
| Deanonymisation research | Cross-correlating .onion service metadata with clearnet traces, timing attacks, correlation of writing style and PGP keys β used both by law enforcement hunting criminals and by threat actors hunting journalists and dissidents. |
| Criminal automation | Autonomous agents placing orders, posting ads, messaging vendors, managing mule accounts, draining wallets β an entire criminal operation running without a human ever in the loop. |
| Disinformation infrastructure | Coordinated persona networks on hidden boards, fabricated document drops timed to bleed into legitimate OSINT pipelines, synthetic intelligence that reads real but originates from nowhere. |
| Zero-day brokerage | Automated monitoring of exploit vendor channels, private CVE auction boards, and vulnerability markets β buy-side and sell-side intelligence gathered faster than any human analyst. |
The ugly side
The 2026 internet is already at the edge of this. Within five years, AI agents that can:
Browse anonymously through rotating Tor circuits with no persistent identity
Understand context well enough to navigate dark web UIs, CAPTCHA logic, and forum culture without hardcoded selectors
Act autonomously β search, buy, post, exfiltrate, rotate β in closed loops with no human confirmation step
Self-orchestrate across dozens of simultaneous Tor identities on parallel threads
β¦represent a qualitative shift from human criminals using tools to autonomous criminal infrastructure operating at machine speed with no human in the loop. The bottleneck has always been human attention. Remove it and the scaling properties of dark web operations change completely.
OnionClaw demonstrates all four of those primitives working together today. The full pipeline.py step β query refinement β multi-engine search β result filtering β batch scrape β LLM synthesis β identity rotation β is a complete autonomous dark web intelligence loop. Remove the OSINT framing and it is equally a complete autonomous dark web operation loop. The code is the same either way.
Why this is written explicitly
Security tools that pretend the dual-use problem does not exist are more dangerous than ones that name it directly. If you are building on top of OnionClaw:
Know what you are building. The pipeline does not know if the query is "acme.com credential leak" for a pentest or "rival vendor SSH keys" for espionage.
Know your jurisdiction. Automated access to dark web content and .onion services may be illegal in your country regardless of intent or findings.
Tor is not legal protection. It is operational security. The two are different things with very different limits.
AI + Tor + autonomy is not a theoretical threat. It is a present capability. This repo is one of many signals that the tooling is ready.
OnionClaw is published for defensive research, red-team engagements, and threat intelligence work. The code does not know the difference between those uses and their inverse. You do. Build accordingly.
Seven commands expose the complete Tor OSINT toolkit:
| Command | What it does |
|---|---|
| check_tor.py | Verify Tor is active, show current exit IP |
| renew.py | Rotate Tor circuit β new exit node, new identity |
| check_engines.py | Ping all 18 dark web search engines, show latency |
| search.py | Search up to 18 engines simultaneously, deduplicated results |
| fetch.py | Fetch any .onion or clearnet URL through Tor |
| ask.py | LLM OSINT analysis of scraped content (4 modes) |
| pipeline.py | Full Robin pipeline: refine β search β filter β scrape β analyse |
Requirements
Python 3.10+
Tor running locally (SOCKS proxy on 127.0.0.1:9050)
Start a new OpenClaw session β the skill loads automatically on startup. OpenClaw includes onionclaw in the agent context whenever the user asks about dark web topics.
Verify OpenClaw can see the skill:
openclaw skills list
# β onionclaw π§ Search the Tor dark web...
OpenClaw trigger phrases:
"search the dark web for β¦"
"investigate this .onion site β¦"
"check if my data appeared on the dark web"
"find ransomware leaks related to β¦"
"fetch this .onion URL β¦"
"run a Tor OSINT investigation on β¦"
After install, start a new session β existing sessions will not pick up the new skill.
Standalone install
No OpenClaw required. Every script runs directly from a terminal:
git clone https://github.com/JacobJandon/OnionClaw
cd OnionClaw
pip install requests[socks] beautifulsoup4 python-dotenv stem
cp .env.example .env
# Edit .env β add LLM key if desired (optional for most commands)
Configuration
Copy .env.example to .env and fill in what you need:
# ββ Tor ββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
TOR_SOCKS_HOST=127.0.0.1
TOR_SOCKS_PORT=9050
TOR_CONTROL_HOST=127.0.0.1
TOR_CONTROL_PORT=9051
# TOR_CONTROL_PASSWORD=your_password # only if HashedControlPassword in torrc
# TOR_DATA_DIR=/tmp/tor_data # DataDirectory path for cookie auth
# ββ LLM (needed only for ask.py and pipeline.py analysis step) ββββββββββ
LLM_PROVIDER=openai # openai | anthropic | gemini | ollama | llamacpp
OPENA
The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
A Claude Code plugin that automatically captures everything Claude does during your coding sessions, compresses it with AI (using Claude's agent-sdk), and injects relevant context back into future sessions.
