Cybersecurity & LLM-Powered Tooling

We build open-source CLI tools and libraries for incident response, threat intelligence, and LLM-powered automation. Everything is designed to be pipe-friendly, composable, and lightweight — small tools that do one thing well.

Cybersecurity Workflow Tools

AI-augmented tools for threat intelligence, product risk assessment, and incident response analysis.

ai-ir

Python

AI-powered incident response — analyzes Slack IR exports to generate summaries, activity reports, and reusable tactics

ai-ir2

Python

Next-gen IR analysis — one-stop Gemini pipeline producing Markdown, self-contained HTML, and knowledge documents

ioc-collector

Python

Research security incidents from URLs or CVE IDs — extracts IoCs into Markdown and STIX 2.1 bundles

ir-timeline

Go

IR timeline recorder — single-binary, browser-based tool for tracking events with text, images, and time deltas

ir-tracker

Python

Live IR tracker — continuous ingestion, segmented analysis, and timeline visualization via Gemini

mail-triage

Python

GCS-based email triage — classifies eml/msg files with Gemini LLM and posts results to Slack

news-collector

Python

News collection agent — collects, tags, summarizes, translates, and delivers curated news digests

product-research

Python

Research products and services — outputs ToS, privacy, and data security analysis as structured reports

Email Analysis

Suspicious email analysis with rule-based indicators and LLM content analysis.

mail-analyzer

Go

Suspicious email analyzer — rule-based indicators + Gemini LLM content analysis for .eml/.msg files

mail-analyzer-gui

Rust

macOS desktop GUI — drag & drop email analysis via Tauri

mail-analyzer-local

Go

Local LLM version — email analysis via OpenAI-compatible API (LM Studio, Ollama)

LLM Tools & Libraries

Small, local-first CLI tools for LLM interaction, retrieval, classification, and governance.

llm-cli

Go

CLI client for local LLMs (LM Studio, Ollama) — streaming, batch, multi-image VLM, structured output

lite-llm Archived

Go

Superseded by llm-cli — CLI client for OpenAI-compatible LLM APIs

lite-rag

Go

RAG CLI for Markdown docs using DuckDB — index and query local knowledge bases

lite-switch

Go

Natural language classifier for shell pipelines — routes stdin text to a matching tag via LLM

gem-cli

Go

Gemini CLI client — multimodal prompts, streaming, grounding, structured output via Vertex AI

gem-rag

Python

Gemini-powered RAG CLI for Markdown documents — Vertex AI embeddings and DuckDB

mcp-guardian

Go

MCP governance proxy — transparent auditing, OAuth2 auto-discovery, and tool masking

cclaude

Bash

Containerized Claude Code — run Claude Code in an isolated container with project isolation

nlk

Go

LLM utility toolkit — guard, jsonfix, strip, backoff, validate. Zero external dependencies

nlk-py

Python

Python edition of nlk — same 5 modules, same API design. Zero external dependencies

gem-search

Go

Agentic web search via Vertex AI Gemini — Google Search Grounding, Markdown/JSON output, pipe-friendly

gem-image

Go

Image generation and editing CLI — Vertex AI Gemini 2.5 Flash, pipe-friendly

gem-query

Go

Natural language data analysis CLI — interactive SQL generation for DuckDB/SQLite via Vertex AI Gemini

data-analyzer

Go

Large-scale JSON/JSONL data analysis — sliding window + progressive summarization with local LLMs

quick-translate

Swift

macOS menu-bar translation tool — powered by local LLM, always-on-top overlay

ChatOps & Slack

Pipe-friendly Slack tools for ChatOps automation and monitoring.

scli

Go

Terminal Slack client — channels, messages, DMs, search

swrite

Go

Bot-oriented Slack poster — text, Block Kit, attachments, and files from shell pipelines

scat

Go

General-purpose content poster — send text, files, and Block Kit messages to Slack

stail

Go

Read-only Slack CLI — stream channel messages in real time or export history to JSON

md-to-slack

Go

Markdown to Slack Block Kit JSON filter — pipe into scat to post formatted messages

slack-router

Go

Slash Command daemon — routes commands to local shell scripts via Socket Mode

Service CLI Clients

Pipe-friendly, Unix-composable CLI clients for external services.

splunk-cli

Go

CLI client for the Splunk REST API — run searches, poll jobs, fetch results

confl-cli

Python

Confluence Cloud CLI — list, search, read, export

Data Processing Utilities

Pipe-friendly tools for data transformation, parsing, and visualization.

json-filter

Go

Extract, validate, prettify, and repair JSON from arbitrary text streams

json-to-table

Go

Format JSON arrays into text, Markdown, HTML, CSV, PNG, or Slack Block Kit tables

json-to-sqlite

Go

Load JSON data into SQLite with automatic schema inference

jstats

Go

SPL-style stats aggregations — count, avg, p95, stdev, values, and more

jviz

Go

Visualize JSON arrays as interactive charts in the browser — bar, line, pie, table

lookup

Go

Enrich JSON/JSONL streams by matching fields against CSV/JSON data sources

csv-to-json

Go

Convert CSV data to a JSON array

eml-to-jsonl

Go

Parse .eml files and output structured JSONL — headers, body, attachments

msg-to-jsonl

Go

Parse Outlook .msg files and output structured JSONL

pptx-to-markdown

Python

Convert .pptx presentations to structured Markdown for LLM analysis

rex

Go

Extract fields from text using named regex capture groups — outputs JSON

sdate

Go

Calculate timestamps using Splunk-like relative time modifiers

markdown-viewer

Go

Single-binary local Markdown viewer — renders GFM, Mermaid, and syntax-highlighted code

webhook-relay

Go

Authenticated webhook receiver — writes payloads to GCS via Cloud Run with VPC isolation

IoT & Embedded

Sensor data collection and monitoring on M5Stack hardware.

m5-vehicle-logger

C++

Vehicle driving data logger for M5Stack Basic v2.7 — GPS + IMU sensing with Wi-Fi transmission

m5-clock

C++

NTP-synchronized digital clock for M5Stack Core2 — night mode, RTC backup, SD card config

Claude Code Skills

Claude Code Skills for development process automation.

rfp

Skill

Interactive RFP facilitation — collects requirements through Q&A and generates structured RFP documents

Experimental

Works in progress. APIs and interfaces may change without notice.

agent-skeleton

Python

Autonomous agent skeleton — plan-approve-execute loop, per-tool approval, memory compression

magi-system2

Python

Multi-persona AI discussion — dynamic persona generation, dual memory, adaptive facilitation

mcp-skeleton

Python

MCP server skeleton — raw JSON-RPC 2.0 over stdio/SSE with API key auth

virtual-reviewer

Python

AI-powered security review — LLM expert models with full regulation context, UNIX pipes

meeting-note

Python

Meeting minutes structuring — audio/transcript to structured JSON via Gemini

workflow-builder

LLM-powered workflow builder — generates shell scripts from natural language

llm-othello

Go

Browser-based Othello against a local LLM — server-side move generation via OpenAI-compatible API

log-analyzer

Python

Large JSONL log analyzer — LLM-driven analysis with timestamp-based chunking for files exceeding context limits

magi-system

Python

Three-persona AI discussion (MELCHIOR / BALTHASAR / CASPER) — multi-angle analysis seeking convergence

mail-watcher

Bash

Mail monitoring workflow — watches for eml/msg files, analyzes with LLM, posts Slack notifications

sai

Python

Context-aware Slack bot — RAG memory over channel history, natural language command execution via local LLM

slack-monitor

Python

Real-time Slack channel summarizer — periodic LLM summaries with live TUI display