Is OnionClaw safe to use?

OnionClaw has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install OnionClaw?

OnionClaw can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with OnionClaw?

OnionClaw is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

Is OnionClaw actively maintained?

OnionClaw is actively maintained — last commit was 0 days ago. It has 65 GitHub stars.

OnionClaw

Name: OnionClaw
Author: christinminor459

by christinminor459

Provide AI agents with full Tor network access and dark web data through a zero-config OpenClaw skill or standalone tool.

65 0 tools GitHub

No known CVEs

No license

Actively maintained

Last commit 0d ago

Untested

Transport: stdio

0 tools

Grade F

AI / ML

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Untested on Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "onionclaw": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/onionclaw)](https://mcppedia.org/s/onionclaw)

Read me

What OnionClaw does

Provide AI agents with full Tor network access and dark web data through a zero-config OpenClaw skill or standalone tool.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

28/100across 5 weighted dimensions

How we score →

0255075100

−72

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is OnionClaw safe to use?: OnionClaw has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install OnionClaw?: OnionClaw can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with OnionClaw?: OnionClaw is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.
Is OnionClaw actively maintained?: OnionClaw is actively maintained — last commit was 0 days ago. It has 65 GitHub stars.

Similar servers

Others in ai-ml

View all →

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.3k 2

Sequential Thinking MCP Server96

Dynamic problem-solving through sequential thought chains

84.5k 1

Arxiv Mcp Server96

A Model Context Protocol server for searching and analyzing arXiv papers

2.6k 4

Python Sdk95

The official Python SDK for Model Context Protocol servers and clients

22.8k 1

MCP Security Weekly

Get CVE alerts and security updates for OnionClaw and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

AI / ML

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Untested on Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "onionclaw": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/onionclaw)](https://mcppedia.org/s/onionclaw)

Read me

What OnionClaw does

Provide AI agents with full Tor network access and dark web data through a zero-config OpenClaw skill or standalone tool.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

OnionClaw 🧅

by JacobJandon

OpenClaw skill + standalone tool — full Tor / dark web access for AI agents

OnionClaw gives AI agents full access to the Tor network and .onion hidden services. It runs as an OpenClaw skill (drop-in, zero config beyond a .env file) and also works standalone from any terminal.

Based on the SICRY engine — 18 dark web search engines, Robin OSINT pipeline, four LLM analysis modes.

# As an OpenClaw skill:
cp -r OnionClaw ~/.openclaw/skills/onionclaw
# → agent now has 7 dark web commands available in every session

# Standalone:
python3 check_tor.py        # verify Tor
python3 search.py --query "ransomware healthcare"
python3 pipeline.py --query "acme.com data leak" --mode corporate

⚠️ The Rabbit Hole

Autonomous agents paired with the Tor network will be one of the most dangerous automation stacks on the internet within the next five years. OnionClaw is living proof that the rabbit hole goes deeper than most people think.

This tool is built for legitimate OSINT, threat intelligence, and security research. But the same primitives — anonymous routing, bulk scraping, AI-driven synthesis, zero-attribution browsing, automated identity rotation — are precisely what make this combination genuinely dangerous in the wrong hands.

This is not a warning tucked in fine print. It is the whole point of writing it down openly.

What the stack enables — the full map

Use case	What it looks like
Dark-web crawling	Automated, headless spidering of `.onion` services at scale — forums, paste sites, markets, leak boards — with full identity rotation between every request. No human ever touches a keyboard.
Threat intelligence	Continuous monitoring of ransomware group blogs, initial access broker ads, CVE exploit drops, and actor chatter long before it surfaces on clearnet feeds.
Marketplace monitoring	Price tracking, stock alerts, vendor reputation scraping, and availability checks across darknet markets — the same logic a researcher uses to track fentanyl price trends is the same logic a supplier uses to undercut competitors.
Credential surveillance	Watching paste boards, breach dumps, and forum leaks for specific email domains, API keys, SSH keys, or internal hostnames the moment they appear — at a scale no human analyst can match.
Deanonymisation research	Cross-correlating `.onion` service metadata with clearnet traces, timing attacks, correlation of writing style and PGP keys — used both by law enforcement hunting criminals and by threat actors hunting journalists and dissidents.
Criminal automation	Autonomous agents placing orders, posting ads, messaging vendors, managing mule accounts, draining wallets — an entire criminal operation running without a human ever in the loop.
Disinformation infrastructure	Coordinated persona networks on hidden boards, fabricated document drops timed to bleed into legitimate OSINT pipelines, synthetic intelligence that reads real but originates from nowhere.
Zero-day brokerage	Automated monitoring of exploit vendor channels, private CVE auction boards, and vulnerability markets — buy-side and sell-side intelligence gathered faster than any human analyst.

The ugly side

The 2026 internet is already at the edge of this. Within five years, AI agents that can:

**Browse anonym

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

28/100across 5 weighted dimensions

How we score →

0255075100

−72

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Help improve this page

This server is missing a description. Tools and install config are also missing.If you've used it, help the community.

Add information

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is OnionClaw safe to use?: OnionClaw has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install OnionClaw?: OnionClaw can be installed by cloning its GitHub repository and following the setup instructions in the README.
What AI clients work with OnionClaw?: OnionClaw is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.
Is OnionClaw actively maintained?: OnionClaw is actively maintained — last commit was 0 days ago. It has 65 GitHub stars.