EXTENSIONS
User-built models, drivers, vaults, and reports — the parts that plug into swamp.
Filter by what you need and pull what fits.
Capability Orchestrator
Capability catalog and DAG planner models for Swamp workflows and direct model method calls. Publishes capability definitions and resolves per-host requested capabilities into dependency waves for execution.
Scan Repos
Batch scan of GitLab repositories, orchestrated as a swamp workflow. Given an explicit list of repo paths, scans each in parallel. Given no list, first discovers active repos (optionally scoped to specific groups and/or by last-activity date), then scans each discovered repo. Produces one versioned `scan` resource per repo — the source-of-truth input to any downstream fact-discovery agent (typically one loading the @twonines/fact-store propose-facts skill).
Shodan
Query the Shodan internet-wide scan database to find and profile internet-exposed devices. Single API key resolved from vault. Read the account plan and remaining credits, run searches that return trimmed device records (IP, org, product, location, open port, CVEs) with facet rollups, count results without spending query credits, pull the full banner history for one IP, do keyless InternetDB lookups (ports, CPEs, tags, CVEs), and request on-demand scans of IPs you own. Built for AV/IoT exposure recon.
Branded Deck
On-brand slide deck pipeline for swamp: a workflow that renders a deck from a voiced brief and a design reference via openai-document.webpageDesign, plus a skill that guides authoring the copy in your writing-voice profile, pinning brand tokens, and converting the PDF to PPTX. Depends on the openai-document, writing-voice, and openai-image extensions.
Ai Usage
Unified cross-provider AI token usage monitoring — workflow, model, and
Review
Human-in-the-loop review canvas — serve a local web form the human gates while the agent keeps working. list mode renders a long candidate list as a curation grid (configurable option-scale + per-item comment) for migrations, triage, and cleanup approvals; doc mode is a pastebin-style markdown editor (editor left, live preview right, optional approve/revise/reject verdict) for reviewing generated docs and gating publishes. Detached serve / status / collect / stop lifecycle; every save dual-writes JSON + markdown + a timestamped append-log, and collect records the result into the data model for workflow consumption. Python-stdlib server bundled; private networks only (URL-token guarded).
Cybriq
Integrate with a CybrIQ (Sepio) asset-visibility / hardware-access-control platform over its REST + GraphQL API. Local-login bearer auth with vault-resolved credentials. Read the asset dashboard, inventory, device types, risk insights, switches, external scan engines (Netpollers), events, alarm destinations, policies, scopes, tags, and user attributes; create tags, user attributes, policies, and scopes; and reach any other endpoint through a generic authenticated passthrough.
Absurd
Drive an Absurd Postgres-based durable-execution task queue from swamp — spawn tasks, poll status, await results, emit events, cancel, and list.
Aws Cost Audit
AWS cost audit workflow — identifies infrastructure waste by combining
Aws Ops
AWS Operations Toolkit - Unified incident investigation and daily operational visibility.
Sre
SRE Health Check - Unified site reliability health check workflow with report.
Redmine Kanban
Kanban workflow reports and automation for Redmine.