中文 EN

Scan Report

Scan New Files

Suspicious — Risk Score 50/100
Last scan:17 hr ago Rescan
50 /100
OnionClaw
Tor-based dark web OSINT tool for searching .onion sites, rotating Tor identities, and conducting multi-step threat intelligence investigations
SKILL.md describes a Tor-based dark web OSINT tool with extensive capabilities, but all referenced implementation scripts (setup.py, check_tor.py, renew.py, search.py, fetch.py, pipeline.py, etc.) are missing—only documentation exists with no verifiable code.
Skill NameOnionClaw
Duration54.0s
Enginepi
Use with caution
Do not use this skill. Request the full implementation code (all referenced Python scripts) before any security assessment. The documented capabilities suggest filesystem:WRITE, network:READ, shell:WRITE, and environment:READ access, but without code, hidden malicious behavior cannot be ruled out.

Findings 4 items

Severity Finding Location
High
Missing implementation code—only documentation present Doc Mismatch
SKILL.md describes a full dark web OSINT tool and references 10+ Python scripts (setup.py, check_tor.py, renew.py, check_engines.py, search.py, fetch.py, ask.py, pipeline.py, sync_sicry.py, and bundled sicry.py), but none of these files exist. This is a severe doc-to-code mismatch making security verification impossible.
python3 {baseDir}/setup.py | python3 {baseDir}/check_tor.py | python3 {baseDir}/renew.py | python3 {baseDir}/check_engines.py | python3 {baseDir}/search.py | python3 {baseDir}/fetch.py | python3 {baseDir}/ask.py | python3 {baseDir}/pipeline.py
→ Do not use this skill. Request complete implementation code from the upstream repo (github.com/JacobJandon/OnionClaw) and audit all scripts before deployment.
 SKILL.md:1
Medium
Environment variable access declared without audit Sensitive Access
SKILL.md explicitly states the tool uses 'python-dotenv' to read .env files containing LLM_API_KEY and other configuration. While reading .env is standard for tools needing API keys, the actual .env handling code is not present to audit.
pip: ['requests[socks]', 'beautifulsoup4', 'python-dotenv', 'stem']
→ If implementation is provided, verify .env is only read locally and credentials are not exfiltrated.
 SKILL.md:24
Medium
External code download from GitHub Supply Chain
SKILL.md describes a 'sync_sicry.py' script that pulls the 'Sicry' engine from github.com/JacobJandon/Sicry. This introduces supply chain risk—downstream code not reviewed in this package.
python3 {baseDir}/sync_sicry.py | Pull latest from upstream Sicry™ repo
→ If Sicry code is downloaded dynamically, this significantly expands the attack surface and trust requirements.
 SKILL.md:273
Low
System Tor configuration modification Priv Escalation
setup.py is documented to modify /etc/tor/torrc for ControlPort, CookieAuthentication, and DataDirectory. This requires elevated privileges and modifies system configuration.
setup.py does this automatically. | Add to /etc/tor/torrc: ControlPort 9051
→ If implemented, verify setup.py only modifies the specified torrc entries and doesn't introduce backdoors or additional configuration.
 SKILL.md:45
ResourceDeclaredInferredStatusEvidence
Filesystem WRITE WRITE ✓ Aligned SKILL.md references --out FILE, --output-dir DIR, report writing
Network READ READ ✓ Aligned SKILL.md: 'routes all requests through Tor', GitHub API calls for updates
Shell WRITE WRITE ✓ Aligned SKILL.md: 'python3 {baseDir}/setup.py', 'python3 {baseDir}/pipeline.py'
Environment READ READ ✓ Aligned SKILL.md: uses 'python-dotenv' to read .env for LLM keys, torrc paths
Skill Invoke NONE NONE No skill chaining declared
Clipboard NONE NONE Not referenced
Browser NONE NONE Not referenced
Database NONE NONE Not referenced
1 findings
🔗
Medium External URL 外部 URL
http://SOME.onion/path
SKILL.md:153

File Tree

1 files · 12.1 KB · 400 lines
Markdown 1f · 400L
└─ 📝 SKILL.md Markdown 400L · 12.1 KB

Security Positives

✓ MIT-0 license indicates open-source intent
✓ STIX/MISP output formats suggest legitimate threat intelligence use case
✓ Skill documentation is thorough and well-structured
✓ No base64-encoded payloads or obfuscation observed in documentation
✓ No direct IP addresses or C2 indicators found in documentation