ramibot
RamiBot is a self-hosted, local-first AI security operations chat application that integrates multiple LLM providers with an MCP-powered security-tool pipeline. It runs security tooling inside Docker (including a dedicated rami-kali MCP server), supports Tor proxy routing, maintains local SQLite conversation/history, gates tool execution with a human-in-the-loop approval step, and enforces evidence-locked reporting to reduce fabricated findings.
Score Breakdown
🔒 Security
Security posture is operator-oriented: tool execution is paused behind a human approval gate and tool outputs are wrapped in evidence blocks to reduce hallucinated findings. However, the provided content does not clearly document API endpoint authentication/authorization for RamiBot itself, TLS requirements for local HTTP endpoints, fine-grained scopes/permissions, or how secrets are protected from logs. The project depends on Docker, Tor/proxychains, and a large tool surface, which increases operational risk; dependency CVE hygiene cannot be assessed from the provided materials.
Best When
You want a self-hosted, operator-controlled environment that connects LLM reasoning to real security tools with evidence-focused output and explicit approval for tool execution.
Avoid When
You need a turnkey, cloud-hosted service with minimal local infrastructure/security review, or you require a mature, clearly specified developer API (OpenAPI/SDK) for agent integration.
Use Cases
- Structured red/blue-team workflows using an LLM-assisted skill pipeline (recon/exploit/defense/analysis/reporting)
- Executing and orchestrating security tooling through MCP while keeping tool runs inside containers
- Human-approved execution of potentially risky security tools
- Generating structured security reports with evidence discipline
- Assisted web assessment workflows (e.g., Burp-related skills) via tool chaining
- Local/offline-friendly security operations using local LLMs (Ollama/LM Studio) or connected providers
Not For
- Unattended automated exploitation without human oversight
- Production environments requiring strict compliance attestations without review/testing
- Teams that cannot manage Docker/Tor/network egress risks
- Agents needing a standards-based public API/SDK surface with stable contracts
Interface
Authentication
The README mentions OAuth token support for some providers (OpenAI; Anthropic reserved/pending). For the RamiBot UI/backend endpoints described (/api/chat/stream, /api/chat/approve, /api/terminal/*), explicit authentication/authorization requirements are not clearly documented in the provided content.
Pricing
Self-hosted open-source (MIT license). Costs depend on chosen LLM provider(s) and infrastructure (local compute/Docker/Tor). No service pricing is described.
Agent Metadata
Known Gotchas
- ⚠ Human approval gate: agents must handle waiting for operator approval (timeout/auto-deny behavior).
- ⚠ Tool calls may be blocked until approval; agent should not assume immediate execution.
- ⚠ Evidence-locked reporting may constrain agent output; it must rely on evidence blocks rather than model guesses.
- ⚠ Docker/Tor/proxy routing features require environment setup and may affect tool accessibility and timing.
Scores are editorial opinions as of 2026-03-30.