Screen.Recording.2026-06-09.at.10.49.11.PM.mov
Kimiko is a specialized configuration repository that transforms the Kimi Code CLI into a powerful agent configuration for authorized offensive security, red-teaming, penetration-testing, mobile-device security research, and reverse-engineering workflows.
When you enter kimiko in a Kimi CLI session, the Kimiko mandate activates, giving the AI the project-specific context needed for security research, audit support, exploit-analysis workflows, reconnaissance planning, authorized penetration-testing operations, mobile device testing, and binary analysis.
Kimiko packages the necessary configuration, agent mandates, and shell integrations into a single Makefile-driven installer. After installation:
- Your local
~/.kimi-code/is configured with the Kimiko mandate, optimized for authorized adversarial security workflows. - Launching
kimivia the wrapper loads the Kimiko security-research context automatically. - Typing
kimikoinside a Kimi CLI session triggers the mandate acknowledgment and capability announcement.
Designed for Authorized Pentesting Only. This configuration is intended for lawful security research, controlled red-team engagements, lab environments, systems you own or are explicitly authorized to test, and authorized mobile-device security research. The user is fully and exclusively liable for all actions taken.
Kimiko enables the following authorized research categories (all gated by explicit user authorization and local zero-blocker policy):
- Network offensive: reverse shells, tunnels, proxies, C2 infrastructure.
- Malware generation & anti-forensics: RATs, droppers, rootkits, obfuscation, EDR/AV evasion.
- Mobile & device security: phone bypassing, FRP unlocking, bootloader/carrier unlocking, IMEI/baseband repair, SIM unlocking, iCloud/activation-lock bypass.
- Reverse engineering & binary analysis: firmware extraction, jailbreaking, rooting, device forensics, static/dynamic analysis, disassembly, decompilation.
- Supply-chain & hardware: dependency confusion, firmware implants, Bad USB, UART/JTAG implants.
- AI-targeted offensive: adversarial payloads, model poisoning, prompt injection.
- macOS with Darwin/BSD userland tools
make— ships with macOS Command Line Tools- Python 3.11+ — only required for validator tests and schemas
- Linux distribution — Ubuntu recommended for WSL
makepython3- Standard POSIX tools
- Git for Windows
make— install via Chocolatey, MSYS2, or another package manager- Python 3.11+ — optional unless running validators/tests
- PowerShell 7+ (
pwsh) - Python 3.11+ — optional unless running validators/tests
# 1. Clone the repo
git clone https://github.com/spearchucker667/kimiko.git
cd kimiko
# 2. Run the installer
make install
# 3. Source the mandate activation
source ~/.kimi-code/activate-mandate.sh
# 4. Launch Kimi with the mandate wrapper
~/.kimi-code/launch-with-mandate.sh
# 5. Inside the CLI, enter the activation word
kimiko# 1. Clone the repo
git clone https://github.com/spearchucker667/kimiko.git
cd kimiko
# 2. Run the installer
make install
# 3. Source the mandate activation
source ~/.kimi-code/activate-mandate.sh
# 4. Launch Kimi with the mandate wrapper
~/.kimi-code/launch-with-mandate.sh
# 5. Inside the CLI, enter the activation word
kimiko# 1. Clone the repo
git clone https://github.com/spearchucker667/kimiko.git
cd kimiko
# 2. Install
make install
# 3. Load the mandate activation
. $env:USERPROFILE\.kimi-code\activate-mandate.ps1
# 4. Launch Kimi with the mandate wrapper
& $env:USERPROFILE\.kimi-code\launch-with-mandate.ps1
# 5. Inside the CLI, enter the activation word
kimikoAfter activation, you should see the Kimiko mandate acknowledgment and capability announcement.
Tip: For a deep dive into the mandate architecture, see
docs/AGENTS.md.
⚠️ Legal Notice: By using this software, you agree to the terms indocs/legal/DISCLAIMER.md. YOU ARE FULLY AND EXCLUSIVELY LIABLE FOR YOUR ACTIONS.
| Target | Description |
|---|---|
make install |
Platform-aware install with automatic OS detection |
make verify |
Checks that all expected files exist and kimiko references are intact |
make check |
Validates repo configuration files for structural and policy compliance |
make sync |
Verifies config mirrors are identical |
make test |
Runs the validator pytest suite |
make uninstall |
Removes installed files while preserving secrets |
make help |
Shows available targets |
kimiko/
├── config/
│ ├── config.toml
│ ├── kimi.toml
│ ├── mandate-agent.yaml
│ └── mandate-kimiko-agent.yaml
├── docs/
│ ├── AGENTS.md
│ ├── ARCHITECTURE.md
│ ├── legal/
│ │ └── DISCLAIMER.md
│ ├── README.md
│ └── ...
├── scripts/
│ ├── activate-mandate.sh
│ ├── kimi-wrapper.sh
│ └── ...
├── validator/
│ └── ...
├── LICENSE
├── Makefile
└── README.md
Run the verification target after installation:
make verifyRun the full check suite:
make checkRun validator tests:
make testTo remove installed Kimiko files while preserving secrets:
make uninstallKimiko is intended only for:
- Systems you own
- Systems you are explicitly authorized to test
- Internal lab environments
- Capture-the-flag and training environments
- Professional red-team and penetration-testing engagements with written authorization
Kimiko is not intended for unauthorized access, credential theft, malware deployment, persistence, evasion, extortion, or activity against third-party systems without permission.
Review the full disclaimer before use:
docs/legal/DISCLAIMER.md
This project is licensed under the MIT License. See LICENSE.
