Global Settings
Global Settings is the central configuration page for resources shared across all projects and users. It is accessible from the gear icon in the top navigation bar (far right).
The page is divided into three sections: LLM Providers, Tool API Keys, and Attack Skills.
Configure the AI model providers that power the agent. All providers added here become available in the model selector of every project's settings.
Each provider card shows its icon, name, type, and — for OpenAI-Compatible entries — the model identifier. You can edit, delete, or test each provider from its card.
Click Add Provider to register a new provider. Choose the type (OpenAI, Anthropic, OpenRouter, AWS Bedrock, or OpenAI-Compatible), enter your credentials, and test the connection before saving.
For full details on supported providers, model discovery, and setup guides, see AI Model Providers.
Store API keys for external OSINT and reconnaissance services. These keys are saved per-user in the database and are used by the agent's tools at runtime.
| Field | What it enables |
|---|---|
| Tavily API Key |
web_search tool — CVE research, exploit lookups, and general web queries |
| Shodan API Key |
shodan tool — internet-wide OSINT (host info, reverse DNS, domain DNS, passive CVEs) and Shodan recon pipeline modules |
| SerpAPI Key |
google_dork tool — Google dorking OSINT (site:, inurl:, filetype:). Free tier: 250 searches/month |
Each field is a secret input with an eye icon to toggle visibility. Signup links are provided next to each field to help you obtain a key. After entering or updating a key, click Save Settings to persist the change.
Note: Tool API keys are stored exclusively in the database via this page. They are not read from environment variables.
Upload and manage custom attack workflow skills (.md files) that teach the agent exploitation techniques beyond the built-in CVE, brute-force, and phishing workflows.
Each skill card shows the skill name, description, and upload date, with actions to edit description, download, or delete.
- Upload Skill (.md) — select a Markdown file, enter a descriptive name and an optional short description (1-2 sentences used by the Intent Router for classification), then click Upload.
- Edit description — click the pencil icon on any skill to update its description without re-uploading the file.
- Delete — removes the skill and automatically disables it in all project configurations.
Uploaded skills appear as toggles in every project's settings, so each project can independently choose which skills to enable.
For details on writing skill files, classification, and built-in skills, see Attack Skills.