goldfishh/chatgpt-tool-hub

Giving ChatGPT a shell and hoping it doesn't rm -rf /

A Python engine that lets LLMs chain together real tools—terminal, Python REPL, search—through prompt-engineered "thoughts" and "actions."

★1.3k stars Python Agents LLMOps · Eval Chat Assistants

View on GitHub ↗

Velocity · 7d

+1.1

★ / day

Trend

→steady

star history

What it does

chatgpt-tool-hub is an execution engine that bolts external tools onto ChatGPT via prompt engineering. You describe what you want in natural language; the LLM emits structured “Thought/Action/Action Input” blocks, which the engine parses and routes to actual functions—running Python, hitting URLs, executing shell commands, or searching the web. Results feed back into the context as “Observations,” and the loop continues until the LLM decides it’s done.

The interesting bit

The whole choreography is just Chain-of-Thought prompting dressed up as an operating system. The author calls it “LLM-OS” and openly admits the analogy: ChatGPT’s official plugins are Apple’s App Store; this wants to be Android. The cleverness is in the robustness layer—since GPT-4 doesn’t always follow the prompt protocol perfectly, the engine sanitizes and retries rather than trusting the LLM’s output blindly.

Key highlights

Ships with a terminal REPL, Python interpreter, web fetcher, and weather tools out of the box; more via config
Supports multi-tool chaining with a configurable “think depth” (default: 3 iterations max)
Can plug into chatgpt-on-wechat, turning a WeChat chat into the frontend
PyPI package for embedding in other projects: pip install chatgpt-tool-hub, then AppFactory().create_app()
Bilingual prompts (Chinese/English) and proxy support baked in

Caveats

Security: the README explicitly warns that transaction tools run locally with your privileges. The LLM can execute shell commands and Python code on your machine. The author says: “If you can’t trust ChatGPT to run your machine, don’t use this.”
Tool quality depends heavily on the LLM following the prompt protocol; the README notes it’s “not 100%” and sometimes needs “robustness handling”
Documentation is a mix of Chinese and English; some tool tutorials are marked “rapidly updating”

Verdict

Worth a look if you’re building LLM agents and want a lightweight, hackable alternative to OpenAI’s closed plugin system. Skip it if you need production-grade sandboxing or can’t stomach the idea of an LLM with shell access.