nothumanallowed
Command-line and locally-run AI-agent platform with many “specialist” agents plus a REST API for invoking agents/agent chains; includes integrations for Gmail/Calendar and Outlook, a local web UI, optional voice chat, and an extensibility/plugin system. Claims “zero data” via local processing and supports LLM calls using user-provided API keys.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Security posture claims are prominent (Ed25519 auth, SENTINEL WAF, “100% local”, zero deps), but the provided excerpts do not include concrete technical verification: no explicit API auth scheme for api/v1 endpoints, no documented threat model, no logging/telemetry controls, and no operational security details for the local daemon/UI. Secret handling guidance is not shown (e.g., whether tokens are ever logged). Rate limiting and output safety controls are not documented in the excerpt.
⚡ Reliability
Best When
You want a CLI-first agent workflow (possibly local) plus an HTTP API for agent invocation, and you’re comfortable managing your own LLM provider keys/config.
Avoid When
You cannot verify what is truly “local” in practice (e.g., network egress/telemetry policies), or you need clearly specified rate limits, pagination, and error semantics for programmatic use.
Use Cases
- • Security auditing and threat modeling for code and dependencies
- • Automated code review and remediation planning
- • Daily ops for email/calendar/task summarization and alerts
- • Generating project documentation and content formatting
- • Local or semi-local multi-agent workflows via REST invoke endpoints
- • Integrating an agent toolkit into a custom app via HTTP calls
Not For
- • High-assurance environments without independent verification of the security model
- • Cases requiring strict, formally documented privacy guarantees (beyond the README claims)
- • Production deployments needing documented SLAs/operational guarantees
- • Organizations that require OAuth SSO or enterprise-grade RBAC/SCIM
Interface
Authentication
Auth for the described REST endpoints is not clearly specified in the README excerpts (no explicit auth headers/keys shown for api/v1 endpoints). Outlook integration suggests OAuth flow, but concrete scopes/controls are not documented in provided content.
Pricing
README implies cost depends on the chosen LLM provider key you supply; no pricing tiers for the package itself are provided in the excerpt.
Agent Metadata
Known Gotchas
- ⚠ README claims “zero dependencies”, but the code-level dependency/security posture is not verifiable from provided content.
- ⚠ REST auth, rate limiting, and error response schema are not documented in the excerpt; agents may fail in non-obvious ways.
- ⚠ “100% local/zero data” is a claim; actual egress depends on configuration (LLM providers, optional Whisper, browser-based voice).
- ⚠ Multi-agent orchestration costs/latency may be high without explicit controls/limits.
- ⚠ Plugins are described as having access to Gmail/Calendar/Tasks; unsafe plugin code could create security risks without isolation/sandboxing.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for nothumanallowed.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.