A production-ready performance and tooling system for AI agent harnesses (Claude Code, Codex, Cursor): reusable agents/skills, hooks, memory and security tooling, installer and CI integrations.
Provides an operator-grade system and reusable toolkit for building, running, and securing agentic workflows across multiple LLM harnesses — skills, hooks, memory, MCP integrations, and security scanning for production agent deployments.
A curated, security-first registry of verified, tested skills you can install into AI coding agents. Each skill is human-curated, scanned (Snyk/static analysis), and integrity-locked; delivered via a CLI and optional MCP server to multiple agents (Claude Code, Cursor, Copilot, etc.).
Provides a REST server that lets AI agents browse sites while avoiding common bot-detection by running Camoufox (a Firefox fork with C++-level fingerprint spoofing). Returns compact accessibility snapshots, stable element refs, session isolation, proxy/geoIP support, and agent-friendly endpoints (click, type, snapshot, transcripts).
Automates decompiling APK/AAR/JAR and extracting HTTP APIs — Retrofit endpoints, OkHttp calls, hardcoded URLs, and auth patterns — so you can document and reproduce an app's network surface without source code. Integrates jadx/Vineflower/Fernflower and scripts for call-flow tracing.
Runs untrusted code (LLM outputs, plugins, and third‑party tools) inside cross‑platform, policy‑driven sandboxes. Provides a unified JSON schema and a TypeScript SDK that sit on multiple containment backends (process sandboxes, LXC/Bubblewrap, microVMs). Early preview with known permissive profiles — not yet a security boundary.
Autonomous white-box AI pentester for web apps and APIs. It reads your source code, maps the running app, then runs specialized agents that fire real proof-of-concept exploits for injection, XSS, SSRF, and auth flaws — reporting only what it can exploit.
Acts as an OpenAI‑compatible local and cloud gateway that routes requests across 100+ LLM providers with smart routing, load balancing, retries and fallbacks. Adds policies, rate limits, semantic caching and observability for reliable, cost‑aware inference in Docker, Electron or npm installs.
A Chromium binary patched at the C++ level to evade bot-detection and serve as a drop-in Playwright/Puppeteer replacement. Notable features: source-level fingerprint patches, human-like input emulation, auto-updating binaries, and integrations for Python/Node.js and Docker — useful for scraping, agent-driven browsing, and stealth automation.
Provides a structured library of 754 cybersecurity skills (agentskills.io format) mapped to MITRE ATT&CK, NIST CSF, MITRE ATLAS, D3FEND and NIST AI RMF — so AI agents can load practitioner workflows and decision logic across 20+ platforms.
Extracts derived keys from running WeChat 4.x processes to decrypt SQLCipher 4 databases and .dat media files, and provides a real-time message monitor with a Web UI. Cross-platform (Windows/Linux/macOS) but requires process-memory or local-data access and is intended for decrypting your own WeChat data only.
Performs deterministic, sub-millisecond policy checks on every agent action (allow/deny + audit) and adds zero-trust identity, execution sandboxing, and SRE features. Covers the OWASP Agentic Top 10 and is designed to sit between agent frameworks and runtime actions for auditable, low-latency governance in production.