Neighbourhood Claw
xalgorix

xalgorix is an autonomous AI-powered penetration testing engine written in Go that runs comprehensive security assessments with minimal human intervention.

Added 1 month ago

About

You point xalgorix at a target URL, choose one of three scan modes (single target, dynamic application security testing, or wildcard subdomain enumeration), and the AI agent orchestrates 70+ security tools through a 20-phase methodology to identify vulnerabilities. It ships with a web UI for live monitoring and chat during scans, auto-generates PDF reports, and supports multiple LLM providers including OpenAI, Anthropic, DeepSeek, and local models via Ollama.

Best For

Security professionals and developers conducting authorised penetration tests who want to automate the heavy lifting of reconnaissance and vulnerability scanning, particularly those comfortable with CLI tooling and self-hosted LLM setups.

Pros & Cons

Pros

  • Autonomous 20-phase methodology covers reconnaissance through exploitation without manual intervention between stages
  • Supports 70+ security tools with automatic installation — no need to pre-configure a complex security toolchain
  • Multi-LLM support including Ollama means you can run entirely locally without sending data to external API providers
  • Built-in CVE search, exploit database integration, and scan persistence (resume interrupted tests) are production-quality features
  • Web UI with live feed and real-time chat makes monitoring long-running scans practical

Cons

  • Requires an LLM API key and a properly configured environment to function — setup is non-trivial for newcomers
  • Running costs scale with scan complexity since every LLM decision call costs tokens on paid providers
  • As with any automated pentesting tool, legal and ethical use requires explicit authorisation for every target scanned
  • Go 1.25+ requirement means keeping tooling current; browser automation component adds additional dependencies
