[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-11801":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":15,"forks30d":15,"starsTrendScore":19,"compositeScore":20,"rankGlobal":10,"rankLanguage":10,"license":21,"archived":22,"fork":22,"defaultBranch":23,"hasWiki":24,"hasPages":22,"topics":25,"createdAt":10,"pushedAt":10,"updatedAt":40,"readmeContent":41,"aiSummary":42,"trendingCount":15,"starSnapshotCount":15,"syncStatus":43,"lastSyncTime":44,"discoverSource":45},11801,"promptzero","xunholy\u002Fpromptzero","xunholy","AI operated Flipper Zero","",null,"Go",180,26,3,0,4,9,70,12,63.79,"GNU Affero General Public License v3.0",false,"main",true,[26,27,28,29,30,31,32,33,34,35,36,37,38,39],"badusb","cybersecurity","flipper","flipper-zero","golang","hardware-hacking","marauder","momentum","pentesting","red-team","subghz","unleashed","unlocked","wifi-hacking","2026-06-12 04:00:55","\u003Cp align=\"center\">\n  \u003Cimg src=\".github\u002Fassets\u002Fbanner.png\" alt=\"PromptZero — natural-language operator for the Flipper Zero\" width=\"560\">\n\u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fxunholy\u002Fpromptzero\u002Freleases\u002Flatest\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fv\u002Frelease\u002Fxunholy\u002Fpromptzero?label=release\" alt=\"Latest release\">\u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fxunholy\u002Fpromptzero\u002Fblob\u002Fmain\u002FLICENSE\">\u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flicense-AGPL--3.0-blue\" alt=\"AGPL-3.0\">\u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fxunholy\u002Fpromptzero\u002Factions\u002Fworkflows\u002Fci.yaml\">\u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Fxunholy\u002Fpromptzero\u002Factions\u002Fworkflows\u002Fci.yaml\u002Fbadge.svg\" alt=\"CI\">\u003C\u002Fa>\n\u003C\u002Fp>\n\n> **Describe it. Generate it. Deploy it. Run it.**\n\nPromptZero is a natural-language operator for the [Flipper Zero](https:\u002F\u002Fflipperzero.one). Talk to it like you'd talk to a person — it generates payloads, deploys them, and runs them, all from a single sentence.\n\n> [!CAUTION]\n> **Authorised use only.** PromptZero generates and runs RF, NFC, RFID, and HID payloads — illegal outside contexts you own or have written authorisation to test. Read [`SECURITY.md`](SECURITY.md) for the safety model and threat boundary. The project is under active development; APIs and tools change between minor versions.\n>\n> *Built end-to-end with [Claude](https:\u002F\u002Fclaude.ai). Review generated payloads before deployment.*\n\n```\npromptzero> make me a Starbucks WiFi captive portal\n  Generated and deployed evil_portal to \u002Fext\u002Fapps_data\u002Fevil_portal\u002Findex.html\n  Evil portal started on Marauder devboard\n\npromptzero> scan for nearby WiFi networks and deauth the strongest one\n  Found 12 access points. Strongest: \"NETGEAR-5G\" (-31 dBm, channel 6)\n  Selected AP 0. Deauth attack running...\n\npromptzero> create a BadUSB payload that opens a reverse shell on Windows\n  Generated and deployed badusb to \u002Fext\u002Fbadusb\u002Fgenerated_payload.txt\n  Ready to execute - plug into target and run\n\npromptzero> identify this device: \u002Ftmp\u002Fremote.jpg\n  That's a Samsung BN59 series TV remote using the Samsung32 IR protocol.\n  I can generate a complete remote file. Want me to create it?\n```\n\n---\n\n## Quick start\n\n**Prerequisites** — Flipper Zero with modded firmware (Momentum \u002F Unleashed \u002F RogueMaster), an Anthropic API key, and a USB cable.\n\n```bash\n# 1. Install (Linux\u002FmacOS, amd64\u002Farm64) — pinned to release artifacts (immutable per tag)\ncurl -fsSL https:\u002F\u002Fgithub.com\u002Fxunholy\u002Fpromptzero\u002Freleases\u002Flatest\u002Fdownload\u002Finstall.sh | sh\n\n# 2. Configure\nexport ANTHROPIC_API_KEY=\"sk-ant-...\"\n\n# 3. Run\npromptzero\n```\n\n```\npromptzero> what's connected?\n  Flipper Zero — firmware 0.99.1, hardware v7.4\n  Battery 84 % | SD card 4.1 GB free \u002F 7.4 GB total\n```\n\nThat's the whole onboarding. From here, type natural-language instructions or `\u002Fhelp` to see slash commands.\n\n> **Defensive posture (one-flag safety rail):** add `--read-only` to refuse any tool that writes, transmits, or executes. Pure reads \u002F scans \u002F queries still dispatch; anything risk-Medium or above is refused at the boundary. See [Read-only safety rail](docs\u002Freference\u002Fconfiguration.md#read-only-safety-rail) for the full rule.\n>\n> ```bash\n> promptzero --read-only          # blue-team \u002F forensics \u002F training\n> ```\n\n**Other paths:** Windows users grab the `.zip` from the [releases page](https:\u002F\u002Fgithub.com\u002Fxunholy\u002Fpromptzero\u002Freleases). WSL2 needs USB passthrough — see [Transports → WSL2](docs\u002Freference\u002Ftransports.md#wsl2-usb-passthrough). For wireless BLE, config files, personas, environment variables, and self-upgrade: [Configuration reference](docs\u002Freference\u002Fconfiguration.md).\n\n---\n\n## What it does\n\nPromptZero connects to your Flipper Zero (and optional ESP32 Marauder WiFi devboard) over USB serial or BLE, then lets you control everything through natural language.\n\n| Subsystem | Capabilities |\n|---|---|\n| **Flipper Zero** | Sub-GHz TX\u002FRX, IR TX\u002FRX, NFC detect\u002Femulate, RFID read\u002Fwrite\u002Femulate, iButton, GPIO, BadUSB, storage, app launcher |\n| **ESP32 Marauder** | WiFi scan, deauth, beacon spam, probe flood, PMKID capture, evil portal, BLE spam, BT scanning, skimmer detection, wardriving, MAC spoofing |\n| **AI Generation** | Evil portal HTML, BadUSB DuckyScript, Sub-GHz `.sub`, IR `.ir`, NFC `.nfc` from natural language — plus parametric builders for typed parameters |\n| **Intelligence** | Image analysis via Claude vision (file path → device ID + attack vector), SD card discovery |\n| **Audit** | SQLite audit log with MITRE ATT&CK technique tags, session export, statistics |\n\nRun `promptzero` and type `\u002Ftools` for the live registry. Tool count grows release-over-release.\n\nThe **agent layer** ships prompt caching, cost-tier model routing (recon on Haiku \u002F exploit on Opus), prompt-injection quarantine, reflexion-on-error with structured `ToolError`, a `\u003Cdevice-state>` oracle injected each turn, and OpenTelemetry GenAI spans. See [`docs\u002F`](docs\u002F) for architecture details.\n\n---\n\n## Modes\n\n### CLI — `promptzero`\n\nDefault. Interactive REPL.\n\n```\npromptzero> scan the SD card and show me what signals I have saved\npromptzero> transmit the garage door signal\npromptzero> read the NFC tag on my desk\n```\n\nSlash commands (run `\u002Fhelp` for the full list with descriptions):\n\n- **Conversation**: `\u002Fhelp`, `\u002Freset`, `\u002Fquit`\n- **Session**: `\u002Fsessions`, `\u002Fsave \u003Cname>`, `\u002Fresume \u003Cid>`, `\u002Fforget \u003Cid>`\n- **Info**: `\u002Fstatus`, `\u002Ftools [filter|page \u003Cn>]`, `\u002Fhistory [N]`, `\u002Faudit {stats|find|tail|top|session|query|export}`, `\u002Fstats [section]`, `\u002Fcost`, `\u002Fbudget [set \u003CUSD>|off]`, `\u002Fdebug`\n- **Operator**: `\u002Fpersona [name]`, `\u002Fmode [name]`, `\u002Fwatch [pause|resume]`, `\u002Fwebhooks [test \u003Cname>]`, `\u002Fvalidate \u003Cpath>`, `\u002Fattack {set|clear} \u003Ctechniques>`, `\u002Fcampaign {validate|run} \u003Cfile>`, `\u002Frewind [snapshot]`, `\u002Freport [session] [json] [save]`, `\u002Frules [list|pause|resume|test]`\n- **Device**: `\u002Freconnect`\n\nKeystrokes during a turn:\n\n- **Ctrl+C** — cancel the current turn entirely.\n- **Ctrl+G** — abort the current streaming tool (e.g. `subghz_receive`, `wifi_scan_ap`) but let the agent continue with the partial result. Use this when you've seen what you needed and don't want to wait out the full duration.\n- **Ctrl+R** — reverse-incremental history search.\n- **Ctrl+L** — clear screen.\n\n### Web UI — `promptzero --web`\n\nDark-themed browser interface at `http:\u002F\u002Flocalhost:8080`. Includes the chat surface, a live Flipper viewport, file browser, audit log, report builder, and (when a Marauder is connected) a TFT display panel.\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\".github\u002Fassets\u002Fweb.png\" alt=\"PromptZero web UI — chat, live Flipper viewport, file browser, audit log\" width=\"900\">\n\u003C\u002Fp>\n\n> [!IMPORTANT]\n> **Auth.** Set `web.token` in your config or `PROMPTZERO_WEB_TOKEN` in env. The browser picks up `#token=…` from the URL fragment on first load and caches it in `sessionStorage`. Empty token + non-loopback bind → server prints a red warning. PromptZero speaks plain HTTP — terminate TLS at a reverse proxy (Caddy \u002F Traefik \u002F nginx) or a Tailscale \u002F Cloudflare tunnel.\n\n### Voice — `promptzero --voice`\n\nPush-to-talk in CLI mode. Press Enter with no text to record (requires `sox`); audio is transcribed via OpenAI Whisper, then processed as a normal command.\n\n```\nUbuntu\u002FDebian:  apt install sox\nmacOS (brew):   brew install sox\nArch:           pacman -S sox\n```\n\n### MCP — `promptzero --mcp`\n\nRuns as a [Model Context Protocol](https:\u002F\u002Fmodelcontextprotocol.io\u002F) server over stdio. Add to Claude Desktop \u002F Claude Code:\n\n```json\n{\n  \"mcpServers\": {\n    \"promptzero\": {\n      \"command\": \"\u002Fpath\u002Fto\u002Fpromptzero\",\n      \"args\": [\"--mcp\"]\n    }\n  }\n}\n```\n\n> [!IMPORTANT]\n> **MCP risk gate.** Risk-High and Risk-Critical tools are refused by default — set `PROMPTZERO_MCP_ALLOW_HIGH=1` and \u002F or `PROMPTZERO_MCP_ALLOW_CRITICAL=1` to allow them. All MCP calls (allowed or denied) are recorded in the audit log. See [Safety model](#safety-model) below.\n\n---\n\n## Safety model\n\nPromptZero is dual-use offensive tooling. The safety story is the project's social licence to exist.\n\n- **Risk classification per tool.** Every spec carries a tier — Low \u002F Medium \u002F High \u002F Critical. Read-only ops are Low; destructive RF transmit, RFID write, BadUSB run, factory-reset are Critical.\n- **Consent gate.** High and Critical tools require operator confirmation. The CLI shows a boxed preview (frequency \u002F modulation \u002F hex) with a 2-second delay; positive consent (`y`, `all`, `confirm`) is rejected before the delay opens. Negative decisions (`n`, `r` for revise, Esc) bypass the delay.\n- **MCP refuses by default.** No MCP client can run High+ tools without explicit env-var opt-in (see above).\n- **Audit-log fail-closed.** If no audit log is initialised, the agent refuses High+ actions rather than running them silently.\n- **Prompt-injection quarantine.** Tool outputs (scanned SSIDs, captured packets, image content, SD filenames) are wrapped before being fed back into the model so they can't override the system prompt.\n- **No auto-deploy of generated payloads.** BadUSB scripts deploy without execution by default.\n\nRead [`SECURITY.md`](SECURITY.md) for the full threat model, scope \u002F out-of-scope, and how to report a vulnerability.\n\n---\n\n## Compatibility\n\n| Firmware | Status |\n|---|---|\n| **Momentum** (formerly Xtreme) | Primary target |\n| **Unleashed** | Supported |\n| **RogueMaster** | Supported |\n| **Official (OFW) 1.x** | Supported with reduced feature set — region-locked Sub-GHz, no rolling code |\n\n> [!NOTE]\n> Official firmware locks Sub-GHz TX to region-specific ISM bands and blocks rolling-code protocols. Modded firmware unlocks the full CC1101 range (300–348 \u002F 387–464 \u002F 779–928 MHz) and enables TX for all 52 supported protocols.\n\nESP32 Marauder devboard requires firmware **v1.11.1+** over USB CDC ACM (`\u002Fdev\u002FttyACM1` for the official Flipper WiFi devboard, baud 115200).\n\nFor BLE wireless (no cable, all tools work, ~10× slower than USB) and per-platform pairing: see [Transports reference](docs\u002Freference\u002Ftransports.md).\n\n---\n\n## Documentation\n\n- [`docs\u002F`](docs\u002F) — handbook with task-oriented scenarios, prompt patterns, and reproducible transcripts.\n- [`docs\u002Freference\u002Ftools.md`](docs\u002Freference\u002Ftools.md) — every tool's schema, risk level, and the prompts that fire it reliably.\n- [`docs\u002Freference\u002Ftransports.md`](docs\u002Freference\u002Ftransports.md) — serial, BLE, WSL2 setup.\n- [`docs\u002Freference\u002Fconfiguration.md`](docs\u002Freference\u002Fconfiguration.md) — config file, env vars, personas, rules, self-upgrade.\n- [`SECURITY.md`](SECURITY.md) — threat model and disclosure policy.\n- [`examples\u002F`](examples\u002F) — copy-paste templates: config, rules, four operator personas (red team \u002F blue team \u002F CTF \u002F hardware lab).\n- [`CHANGELOG.md`](CHANGELOG.md) — what's in each release.\n\n---\n\n## Build & contribute\n\nSee [`CONTRIBUTING.md`](CONTRIBUTING.md). Short version:\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Fxunholy\u002Fpromptzero.git\ncd promptzero\ntask dev:setup\ntask build\ntask test\n```\n\n---\n\n## License\n\n[AGPL-3.0-or-later](LICENSE). Hosting a modified PromptZero as a network service requires publishing source changes under the same license.\n\n---\n\n\u003Csub>Built with [Claude](https:\u002F\u002Fclaude.ai) by [xunholy](https:\u002F\u002Fgithub.com\u002Fxunholy).\u003C\u002Fsub>\n","PromptZero 是一个基于自然语言操作的 Flipper Zero 控制工具。其核心功能包括通过简单的语句生成、部署和运行各种有效载荷，如RF、NFC、RFID及HID等，适用于网络安全测试与硬件黑客实验场景。采用Go语言开发，并集成了Claude AI以实现更流畅的人机交互体验。该工具特别适合于需要对无线网络、物理访问控制设备进行合法授权下的渗透测试的专业人士使用。用户只需提供基本指令，PromptZero 即可完成从创建WiFi热点到执行BadUSB攻击等一系列复杂操作。注意，在使用前请确保已阅读安全指南并获得相应权限。",2,"2026-06-11 03:32:27","CREATED_QUERY"]