SkillsMay 12, 2026·2 min read

Osmedeus — Security Orchestration Engine

Osmedeus is a security orchestration engine with a CLI and workflows for recon and asset inventory—use only on systems you own or are authorized to test.

Agent ready

Review-first install path

This asset needs a review step. The copied prompt tells the agent to dry-run, show the writes, then proceed only after confirmation.

Needs Confirmation · 64/100Policy: confirm
Agent surface
Any MCP/CLI agent
Kind
Skill
Install
Single
Trust
Trust: Established
Entrypoint
Asset
Review-first command
npx -y tokrepo@latest install 847acf46-a034-5504-a1fc-e481df2f07b5 --target codex

Dry-run first, confirm the writes, then run this command.

Intro

Osmedeus is a security orchestration engine with a CLI and workflows for recon and asset inventory—use only on systems you own or are authorized to test.

  • Best for: Authorized security testing and repeatable recon workflows
  • Works with: Linux/macOS; CLI workflows; optional API server; integrates with docs.osmedeus.org
  • Setup time: 15–45 minutes

Practical Notes

  • GitHub: 6,232 stars · 982 forks; pushed 2026-05-11 (verified via GitHub API).
  • README installation uses a one-line install script and includes --dry-run to preview workflow execution.
  • CLI examples show modules/flows, concurrency flags, and a built-in API server (osmedeus serve).

Main

Safety-first usage:

  • Treat Osmedeus as an internal security automation runner. Keep targets in a scoped allowlist (your domains, your staging, your owned IPs).
  • Start with --dry-run and inspect what will execute, then run with conservative concurrency.
  • Keep outputs in a dedicated workspace and store the final report artifacts alongside the run configuration so audits are easy.

If you want to involve an AI agent, have it produce a plan and a safe target list first; never let the agent free-run on the public internet.

FAQ

Q: Is it legal to scan random sites? A: No. Use it only for systems you own or have explicit permission to test.

Q: How do I reduce risk? A: Use --dry-run, keep concurrency low, and run inside isolated environments.

Q: Can it expose an API? A: Yes—README includes osmedeus serve to start an API server.

🙏

Source & Thanks

Source: https://github.com/j3ssie/osmedeus > License: MIT > GitHub stars: 6,232 · forks: 982

Discussion

Sign in to join the discussion.
No comments yet. Be the first to share your thoughts.

Related Assets