Skip to content

sw30labs/strix-omlx

Repository files navigation

strix-omlx

A tiny wrapper that points Strix — the open-source autonomous AI security‑testing agent — at a local OMLX MLX inference server, so it runs entirely on your own Apple‑Silicon machine against an abliterated ("Heretic'd") uncensored model.

This repository is not Strix. It is a thin set of setup scripts around the upstream project. All the real work — the agent, the tools, the scanning — is usestrix/strix (Apache‑2.0). Please star and support the upstream project. 🙏

📊 Looking for benchmarks and comparisons? See the companion repo sw30labs/strix-research — model comparisons, run results, and analysis of Strix across different models and backends.


Why this exists

Strix normally runs against a frontier hosted model. This wrapper instead wires it to a model served locally by OMLX — a local, OpenAI‑compatible MLX inference server with an admin dashboard at http://127.0.0.1:8000/admin/dashboard. Because OMLX speaks the OpenAI API, Strix reaches it through LiteLLM's openai/ routing.

The model used here is MiniMax-M2.7-ultra-uncensored-heretic-oQ4-MLX: a MiniMax‑M2 checkpoint that has been abliterated with Heretic — an automated tool that removes a model's built‑in refusal directions. Safety‑tuned models frequently refuse legitimate offensive‑security work (writing an exploit for a lab target, enumerating a vulnerable app, crafting a payload). An abliterated model cooperates with those authorized tasks, which is what makes it useful as the engine behind a pentest agent.

Running the model locally also means your targets, prompts, and findings never leave your machine — no data goes to a hosted API.

What you get

Script Backend Endpoint (default)
setup-strix-omlx.sh OMLX (local MLX, Apple Silicon) http://127.0.0.1:8000/v1
setup-strix-ollama.sh Ollama http://localhost:11434/v1
setup-strix-sglang-dgx.sh SGLang (NVIDIA DGX) http://localhost:30000/v1
run-strix.sh generated launcher (reads ~/.strix/cli-config.json)

In action

Strix decomposing a security assessment of the demo e-banking app into five specialized agents — SQL injection, IDOR, XSS, CSRF/business-logic, and API security — each handed a concrete test plan, all driven by the local model:

Strix spawning five specialized security agents, each with its own test plan

One of those agents working inside its isolated Docker sandbox: listing /workspace/ebanking, reading the intentionally-vulnerable Flask app, and surfacing an unsanitized SQL UPDATE (a textbook SQL-injection sink):

A Strix agent enumerating the target source in its sandbox and finding an unsanitized SQL query

That sandbox is a real container — Docker Desktop showing the usestrix/strix-sandbox image running. Strix spins one up per run, so all tooling and exploitation stay isolated from your host:

Docker Desktop showing the usestrix/strix-sandbox container running

The OMLX admin dashboard serving MiniMax-M2.7-ultra-uncensored-heretic-oQ4-MLX to all five agents concurrently — ~89% prompt-cache efficiency and per-request token generation, entirely on one Apple-Silicon box:

OMLX admin dashboard serving the abliterated MiniMax model to five parallel Strix agents

The same run seen from the metal — macmon on the Apple M3 Ultra (80-core GPU, 512 GB unified memory): the model resident in ~245 GB of RAM, the GPU pinned at 96%, pulling ~132 W. No discrete GPU, no cloud:

macmon showing an Apple M3 Ultra under inference load: 47.8% of 512GB RAM used, GPU 96%, ~132W GPU power

Strix reaches that model through LiteLLM's openai/ routing — note the active model badge, openai/MiniMax-M2.7-ultra-uncensored-heretic-oQ4-MLX:

Strix waiting on five agents running in parallel, showing the openai/ model badge

Quick start (OMLX)

Prerequisites: macOS on Apple Silicon, Python 3.12+, Docker Desktop running (Strix sandboxes its agent in a container), and an OMLX server already serving MiniMax-M2.7-ultra-uncensored-heretic-oQ4-MLX.

git clone https://github.com/sw30labs/strix-omlx.git
cd strix-omlx
./setup-strix-omlx.sh

The script will:

  1. Check prerequisites (Python 3.12+, Docker, Apple‑Silicon host).

  2. Ask for your OMLX URL (default http://127.0.0.1:8000/v1) and API key (default test), then list the models the server is serving (sending the required Authorization: Bearer header).

  3. Ask for the model name (default MiniMax-M2.7-ultra-uncensored-heretic-oQ4-MLX).

  4. Install strix-agent into a local .strix-venv/.

  5. Write ~/.strix/cli-config.json:

    {
      "env": {
        "STRIX_LLM": "openai/MiniMax-M2.7-ultra-uncensored-heretic-oQ4-MLX",
        "LLM_API_BASE": "http://127.0.0.1:8000/v1",
        "LLM_API_KEY": "test"
      }
    }
  6. Generate run-strix.sh.

Then run Strix against a target:

./run-strix.sh --target ./your-app-directory
./run-strix.sh --target https://github.com/org/repo
./run-strix.sh --target https://your-app.com

Note: OMLX loads models on demand, so the first request may be slow while the model is loaded into memory. Watch progress on the admin dashboard at http://127.0.0.1:8000/admin/dashboard.

Authorized use only

Strix is an offensive‑security tool and the model here is deliberately uncensored. Only run it against systems you own or are explicitly authorized to test (your own apps, CTF/lab targets, engagements with written permission). Unauthorized scanning or exploitation is illegal. You are responsible for how you use this.

Related & acknowledgements

License

Apache‑2.0 (see LICENSE), matching upstream Strix. The upstream project retains its own copyright and license.

About

Simple wrapper to run Strix (usestrix/strix) against a local OMLX MLX server with an abliterated/Heretic'd uncensored model on Apple Silicon.

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors

Languages