OnionClaw provides an OpenClaw skill that routes requests through the Tor network to search dark-web indexes, fetch .onion hidden-service pages, rotate Tor circuits for fresh identities, and run a structured OSINT investigation pipeline. It bundles command-line scripts to check Tor status, search multiple live dark-web engines, fetch and scrape pages via Tor, and feed scraped content into an LLM-based analysis pipeline for threat intelligence or breach discovery. Typical outputs include deduplicated search results, fetched page text, extracted links, and a structured investigative report.
Use OnionClaw when you need lawful OSINT on dark-web sources: searching for leaked credentials, checking whether a domain or email appears in .onion indexes, investigating ransomware group activity, or fetching specific .onion pages for analysis. It is appropriate when you can run Tor locally and accept the operational caveats of intermittent hidden-service availability. Do NOT use for illegal activities.
Compatible with Python-based OpenClaw agents and any agent that can run local Python scripts; integrates with LLM providers when configured via .env for analysis steps.
OnionClaw is a Tor/dark web OSINT skill that searches 12 dark web engines, fetches .onion pages, and produces structured analysis reports. No bundled scripts were available to test. The SKILL.md is well-documented with clear command examples and investigation flows. Key security concern: sync_sicry.py fetches code from a remote GitHub repo and overwrites local code with it (effectively a curl|bash pattern), and the skill auto-updates via git pull without confirmation.
The sync_sicry.py mechanism is the biggest red flag: it downloads code from GitHub and replaces a local module, which is a supply-chain attack vector. The git pull auto-update is also concerning but less severe. The skill's purpose (dark web OSINT) is legitimate but niche. No scripts were bundled in the DB fetch, so runtime behavior couldn't be tested. The SKILL.md itself is high quality with good structure.