{"id":"ramibotai-ramibot","name":"ramibot","homepage":"https://RamiBot.com","repo_url":"https://github.com/RamiBotAI/ramibot","category":"security","subcategories":[],"tags":["ai","security-automation","red-team","blue-team","mcp","docker","tor","local-first","fastapi","llm-integration","tool-approval"],"what_it_does":"RamiBot is a self-hosted, local-first AI security operations chat application that integrates multiple LLM providers with an MCP-powered security-tool pipeline. It runs security tooling inside Docker (including a dedicated rami-kali MCP server), supports Tor proxy routing, maintains local SQLite conversation/history, gates tool execution with a human-in-the-loop approval step, and enforces evidence-locked reporting to reduce fabricated findings.","use_cases":["Structured red/blue-team workflows using an LLM-assisted skill pipeline (recon/exploit/defense/analysis/reporting)","Executing and orchestrating security tooling through MCP while keeping tool runs inside containers","Human-approved execution of potentially risky security tools","Generating structured security reports with evidence discipline","Assisted web assessment workflows (e.g., Burp-related skills) via tool chaining","Local/offline-friendly security operations using local LLMs (Ollama/LM Studio) or connected providers"],"not_for":["Unattended automated exploitation without human oversight","Production environments requiring strict compliance attestations without review/testing","Teams that cannot manage Docker/Tor/network egress risks","Agents needing a standards-based public API/SDK surface with stable contracts"],"best_when":"You want a self-hosted, operator-controlled environment that connects LLM reasoning to real security tools with evidence-focused output and explicit approval for tool execution.","avoid_when":"You need a turnkey, cloud-hosted service with minimal local infrastructure/security review, or you require a mature, clearly specified developer API (OpenAPI/SDK) for agent integration.","alternatives":["OpenAI/Anthropic function-calling plus a custom orchestration layer (non-MCP) that runs tools in containers","Cline/AutoGPT-style agents with custom tool execution and human approval gates","Wazuh/Elastic Security + separate LLM summarization (no automated tool execution)","Local security automation platforms that expose OpenAPI/SDKs for controlled tool use"],"af_score":33.5,"security_score":39.8,"reliability_score":28.8,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T15:37:52.884988+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Configured provider API keys in backend settings.json (e.g., OpenAI; Anthropic noted as pending re-enablement)"],"oauth":false,"scopes":false,"notes":"The README mentions OAuth token support for some providers (OpenAI; Anthropic reserved/pending). For the RamiBot UI/backend endpoints described (/api/chat/stream, /api/chat/approve, /api/terminal/*), explicit authentication/authorization requirements are not clearly documented in the provided content."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Self-hosted open-source (MIT license). Costs depend on chosen LLM provider(s) and infrastructure (local compute/Docker/Tor). No service pricing is described."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":33.5,"security_score":39.8,"reliability_score":28.8,"mcp_server_quality":55.0,"documentation_accuracy":55.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":45.0,"rate_limit_clarity":0.0,"tls_enforcement":60.0,"auth_strength":40.0,"scope_granularity":10.0,"dependency_hygiene":45.0,"secret_handling":45.0,"security_notes":"Security posture is operator-oriented: tool execution is paused behind a human approval gate and tool outputs are wrapped in evidence blocks to reduce hallucinated findings. However, the provided content does not clearly document API endpoint authentication/authorization for RamiBot itself, TLS requirements for local HTTP endpoints, fine-grained scopes/permissions, or how secrets are protected from logs. The project depends on Docker, Tor/proxychains, and a large tool surface, which increases operational risk; dependency CVE hygiene cannot be assessed from the provided materials.","uptime_documented":0.0,"version_stability":45.0,"breaking_changes_history":30.0,"error_recovery":40.0,"idempotency_support":"false","idempotency_notes":"Tool execution is gated and appears stateful (Docker exec/terminal sessions). No idempotency guidance is described in the provided content.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Human approval gate: agents must handle waiting for operator approval (timeout/auto-deny behavior).","Tool calls may be blocked until approval; agent should not assume immediate execution.","Evidence-locked reporting may constrain agent output; it must rely on evidence blocks rather than model guesses.","Docker/Tor/proxy routing features require environment setup and may affect tool accessibility and timing."]}}