安全决策报告
OnionClaw
SKILL.md describes a Tor-based dark web OSINT tool with extensive capabilities, but all referenced implementation scripts (setup.py, check_tor.py, renew.py, search.py, fetch.py, pipeline.py, etc.) are missing—only documentation exists with no verifiable code.
最直接的威胁证据
高危 文档欺骗
Missing implementation code—only documentation present SKILL.md describes a full dark web OSINT tool and references 10+ Python scripts (setup.py, check_tor.py, renew.py, check_engines.py, search.py, fetch.py, ask.py, pipeline.py, sync_sicry.py, and bundled sicry.py), but none of these files exist. This is a severe doc-to-code mismatch making security verification impossible.
SKILL.md:1 为什么得出这个结论
1/4 个维度触发 通过
声明与实际能力
声明资源与推断能力基本一致。
复核
隐藏执行与外联
提取到 1 个一般风险产物,需要结合上下文判断。
阻止
攻击链与高危发现
报告包含 0 步攻击链,另有 1 项高危或严重发现。
复核
依赖与供应链卫生
没有完整依赖信息,供应链判断需要保留弹性。
风险分是怎么被拉高的
Missing implementation code +30
SKILL.md references 10+ Python scripts (setup.py, check_tor.py, renew.py, search.py, fetch.py, ask.py, pipeline.py, sync_sicry.py, etc.) that do not exist in the package—only documentation is present
Undeclared network behavior +10
Tool routes all traffic through Tor and makes GitHub API calls for updates; ability to download sync_sicry.py from external repo is not security-reviewed
Broad declared capabilities +10
SKILL.md declares filesystem writes, environment variable access (python-dotenv), and shell execution but no code exists to audit
最关键的证据
高危 文档欺骗
Missing implementation code—only documentation present
SKILL.md describes a full dark web OSINT tool and references 10+ Python scripts (setup.py, check_tor.py, renew.py, check_engines.py, search.py, fetch.py, ask.py, pipeline.py, sync_sicry.py, and bundled sicry.py), but none of these files exist. This is a severe doc-to-code mismatch making security verification impossible.
SKILL.md:1 Do not use this skill. Request complete implementation code from the upstream repo (github.com/JacobJandon/OnionClaw) and audit all scripts before deployment.
中危 敏感访问
Environment variable access declared without audit
SKILL.md explicitly states the tool uses 'python-dotenv' to read .env files containing LLM_API_KEY and other configuration. While reading .env is standard for tools needing API keys, the actual .env handling code is not present to audit.
SKILL.md:24 If implementation is provided, verify .env is only read locally and credentials are not exfiltrated.
中危 供应链
External code download from GitHub
SKILL.md describes a 'sync_sicry.py' script that pulls the 'Sicry' engine from github.com/JacobJandon/Sicry. This introduces supply chain risk—downstream code not reviewed in this package.
SKILL.md:273 If Sicry code is downloaded dynamically, this significantly expands the attack surface and trust requirements.
低危 权限提升
System Tor configuration modification
setup.py is documented to modify /etc/tor/torrc for ControlPort, CookieAuthentication, and DataDirectory. This requires elevated privileges and modifies system configuration.
SKILL.md:45 If implemented, verify setup.py only modifies the specified torrc entries and doesn't introduce backdoors or additional configuration.
声明能力 vs 实际能力
文件系统 通过
声明 WRITE
→ 推断 WRITE
SKILL.md references --out FILE, --output-dir DIR, report writing 网络访问 通过
声明 READ
→ 推断 READ
SKILL.md: 'routes all requests through Tor', GitHub API calls for updates 命令执行 通过
声明 WRITE
→ 推断 WRITE
SKILL.md: 'python3 {baseDir}/setup.py', 'python3 {baseDir}/pipeline.py' 环境变量 通过
声明 READ
→ 推断 READ
SKILL.md: uses 'python-dotenv' to read .env for LLM keys, torrc paths 技能调用 通过
声明 NONE
→ 推断 NONE
No skill chaining declared 剪贴板 通过
声明 NONE
→ 推断 NONE
Not referenced 浏览器 通过
声明 NONE
→ 推断 NONE
Not referenced 数据库 通过
声明 NONE
→ 推断 NONE
Not referenced 可疑产物与外联
中危 外部 URL
http://SOME.onion/path SKILL.md:153
依赖与供应链
没有结构化依赖告警。
文件构成
1 个文件 · 400 行
Markdown 1 个文件 · 400 行
需关注文件 · 1
SKILL.md Missing implementation code—only documentation present · Environment variable access declared without audit · External code download from GitHub · System Tor configuration modification · http://SOME.onion/path
安全亮点
MIT-0 license indicates open-source intent
STIX/MISP output formats suggest legitimate threat intelligence use case
Skill documentation is thorough and well-structured
No base64-encoded payloads or obfuscation observed in documentation
No direct IP addresses or C2 indicators found in documentation