Mobazha Tor Browsing

v0.1.0

Configure Tor Browser to access Mobazha stores privately, or run a store as a .onion hidden service. Use for privacy and anonymity setup.

⭐ 0· 88·0 current·0 all-time

by@fengzie

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for fengzie/mobazha-tor-browsing.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Mobazha Tor Browsing" (fengzie/mobazha-tor-browsing) from ClawHub.
Skill page: https://clawhub.ai/fengzie/mobazha-tor-browsing
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install mobazha-tor-browsing

ClawHub CLI

Package manager switcher

npx clawhub@latest install mobazha-tor-browsing

Security Scan

Capability signals

CryptoCan make purchases

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

high confidence

Purpose & Capability

The skill's purpose (Tor browsing and hosting a Tor hidden service for a Mobazha store) aligns with the instructions. However the SKILL.md expects the user to run Docker, docker-compose, sudo, curl and to edit files under /opt/mobazha, yet the skill metadata declares no required binaries, env vars, or config paths. That omission is a coherence issue: the runtime instructions require system-level tools and privileges that are not reflected in the metadata.

Instruction Scope

The instructions tell users to download and execute a remote installer (curl -sSL https://get.mobazha.org/standalone | sudo bash -s -- --overlay tor) which runs code as root. That is outside the narrow scope of merely advising how to use Tor Browser. Other instructions modify /opt/mobazha, set .env, and restart Docker services — all system-level actions. The SKILL.md gives no guidance to verify the downloaded script or its integrity.

Install Mechanism

There is no formal install spec, but the runtime instructions effectively install software by streaming a shell script from get.mobazha.org and executing it with sudo. Download-and-execute from an external URL is high-risk, especially when the domain and script are not accompanied by checksums, signatures, or a verifiable upstream project page.

ℹ

Credentials

The skill declares no required environment variables or credentials, which is consistent with its purpose. However, it implicitly requires elevated system privileges (sudo), Docker and docker-compose, and write access to /opt/mobazha. Those are reasonable for enabling a hidden service but should be declared explicitly so users know what will be required.

ℹ

Persistence & Privilege

The skill is not always-enabled and does not request autonomous privileges in metadata. Still, the recommended installer will modify the host (install overlay, generate a hidden-service, restart containers), which grants persistent system changes and long-lived network presence. That behavior is expected for a hosting setup but carries operational risk and should be made explicit.

What to consider before installing

This skill's goal (using Tor and hosting a Tor hidden service) is plausible, but it instructs you to run a remote installer as root (curl | sudo bash) from an unverified domain and to change system Docker configuration without providing checksums, code, or a project homepage. Before using: (1) demand provenance — a homepage, source repo, release checksums, and signatures for get.mobazha.org; (2) do NOT pipe unknown scripts to sudo — download and inspect the script first or request an install method via a vetted package/repo; (3) ensure you have Docker, docker-compose, curl, and sudo and run the installer in an isolated environment (VM or disposable VPS) first; (4) backup any existing /opt/mobazha data and review the script to confirm it only performs expected actions; (5) prefer manual configuration steps or official packages from the upstream project; (6) separate any hosting instance from your personal identity and payment methods. If the publisher can provide a verifiable repository, release artifacts, and install checksums, the risk assessment could be re-evaluated.

Like a lobster shell, security has layers — review code before you run it.

latestvk973v6mb16f8pa4j8m15mss70n8583qe

88downloads

0stars

1versions

Updated 6d ago

v0.1.0

MIT-0

Tor Browsing & Privacy Configuration

Access Mobazha stores anonymously through Tor, or run your own store as a .onion hidden service.

Part A: Browse Mobazha Stores via Tor (Buyer)

Step 1: Install Tor Browser

Download from the official Tor Project website: https://www.torproject.org/download/

Platform	Install Method
Windows	Download and run the installer from torproject.org
macOS	Download the `.dmg`, drag to Applications
Linux	`sudo apt install torbrowser-launcher` or download from torproject.org
Android	Install "Tor Browser" from Google Play or F-Droid

Step 2: Access a .onion Store

If a Mobazha store has Tor enabled, it will have a .onion address. Open Tor Browser and navigate to:

http://<store-onion-address>.onion

The store looks and works exactly like the clearnet version, but your connection is routed through the Tor network for privacy.

Step 3: Browse the Mobazha Marketplace via Tor

The SaaS marketplace can also be accessed through Tor by visiting:

https://app.mobazha.org

Tor Browser handles the connection routing automatically. Note that .onion addresses provide stronger anonymity than accessing clearnet URLs through Tor.

Privacy Tips for Buyers

Use Tor Browser exclusively — don't use a regular browser with a Tor proxy
Don't maximize the window — keeping the default size reduces fingerprinting
Avoid logging in — browsing without an account provides the strongest anonymity
Use cryptocurrency — for truly private purchases, pay with privacy-focused coins like Zcash (shielded)

Part B: Run Your Store as a Tor Hidden Service (Seller)

Option 1: Enable During Docker Installation

curl -sSL https://get.mobazha.org/standalone | sudo bash -s -- --overlay tor

This sets up your store with a .onion address. No domain name or public IP required.

Option 2: Enable on an Existing Docker Store

In the store admin dashboard:

Go to Admin → System → Network
Enable the Tor overlay
Save and wait for the service to restart

The .onion address will be generated and displayed in the Network settings.

No re-installation needed.

Option 3: Using mobazha-ctl

cd /opt/mobazha
# Update .env to set OVERLAY_TYPE=tor and CONNECTIVITY=overlay
# Then restart:
docker compose -f docker-compose.yml -f docker-compose.overlay.yml --profile tor up -d

Finding Your .onion Address

After enabling Tor, your store's .onion address is shown in:

Admin → System → Network in the dashboard
The container logs: docker compose logs | grep "onion"

How It Works

When Tor overlay is enabled:

Your store runs a Tor hidden service inside the Docker container
A .onion address is generated (no domain purchase needed)
Buyers can access your store anonymously via Tor Browser
Your VPS IP is not exposed to buyers
You can run with Tor and a clearnet domain simultaneously

Lokinet Alternative

Mobazha also supports Lokinet as a privacy overlay:

curl -sSL https://get.mobazha.org/standalone | sudo bash -s -- --overlay lokinet

Lokinet provides similar anonymity properties with potentially lower latency.

Security Considerations

Tor does not encrypt stored data — it protects network traffic only
If running a hidden service, keep your VPS identity separate from your real identity
Use cryptocurrency for payments to maintain transaction privacy
Regularly update your store to get the latest security patches

Comments

Loading comments...