Red Team

by retrodigio · GitHub ↗ · v1.0.0
Platform: cross-platform · Status: ⚠ suspicious
438 Downloads · 0 Stars · 2 Active Installs · 1 Versions
Install in OpenClaw: /install red-team
Description
Adversarial multi-agent debate engine for stress-testing decisions, ideas, and strategies. Orchestrates multiple AI agents with conflicting worldviews (bull,...
Usage Guidance
This skill appears to do what it says, but take these precautions before installing or running it:
- Understand where data goes: the script calls external model CLIs (Claude/Codex/Gemini) and will send the question, persona system prompts, and any context file you provide to those third-party services. Do not include secrets, private credentials, or confidential documents in the context file unless you trust the target model/provider and account.
- Trust the CLIs: you must install and run vendor CLIs locally; ensure those packages are from official sources and that your account/subscription is intended to be used this way.
- Inspect custom personas and context files: custom persona JSON or other inputs are merged into prompts. Only use custom persona files from trusted authors — a malicious custom persona could craft prompts that produce undesirable outputs or leak data to the model.
- Review the full script: part of the Python file was truncated in the package listing; if you need high assurance, open and read the entire scripts/red-team.py to confirm there are no hidden network calls, logging to unexpected endpoints, or file exfiltration code beyond calls to the recognized CLIs.
- Sandbox if needed: run first in an isolated environment or with non-sensitive dummy data to observe behavior and network traffic.
If you want, I can (1) walk through the full red-team.py file line-by-line, (2) point out exactly where user data is injected into prompts, or (3) suggest safer invocation patterns (e.g., redact secrets, run in an isolated account) — tell me which you prefer.
Capability Analysis
Type: OpenClaw Skill
Name: red-team
Version: 1.0.0
The skill is classified as suspicious due to the significant prompt injection surface against the underlying Large Language Models (LLMs). User-controlled inputs, particularly the `system` prompts defined in custom persona JSON files and the `question` and `context` arguments, are directly fed to the LLMs via `subprocess.run` calls in `scripts/red-team.py`. While the script itself does not exhibit malicious host-system behavior (e.g., data exfiltration, unauthorized command execution, or persistence), this design allows a malicious user to manipulate the LLM's behavior, potentially leading to the generation of harmful content, ignoring instructions, or other unintended AI actions. The broad file read/write capabilities (`--context-file`, `--output`) are used for the stated purpose and do not show malicious intent.
Capability Assessment
Purpose & Capability
Name/description (adversarial debate engine) align with the included Python script and persona library. Requiring a local AI CLI (claude/codex/gemini) is expected for this functionality; no unrelated credentials or system accesses are requested.
Instruction Scope
SKILL.md instructs running the included script, selecting personas, and optionally feeding a context file. That context and all persona text are placed into prompts and sent to external model CLIs — so any sensitive data in the context will be transmitted to those third parties. A pre-scan flagged a 'system-prompt-override' pattern; the skill legitimately uses system prompts to define personas, but this pattern is worth noting because it can be abused in other contexts.
Install Mechanism
No install spec is included; the skill is instruction- and script-based. The README suggests installing vendor CLIs with npm (well-known packages), which is low/moderate risk and expected. There are no downloads from arbitrary URLs or archive extraction in the package itself.
Credentials
The skill declares no required environment variables or credentials; it relies on the user's installed model CLIs and their existing authenticated subscriptions. This is proportional to its purpose. Users should note those CLIs use their account tokens and will accept the prompts constructed by the script.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide persistence or modifications to other skills. It runs on demand and does not declare elevated platform privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install red-team
  3. After installation, invoke the skill by name or use /red-team
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release: adversarial multi-agent debate engine with 12 personas, multi-backend support (claude/codex/gemini)
Metadata
Slug red-team
Version 1.0.0
License
All-time Installs 2
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is Red Team?

Adversarial multi-agent debate engine for stress-testing decisions, ideas, and strategies. Orchestrates multiple AI agents with conflicting worldviews (bull,... It is an AI Agent Skill for Claude Code / OpenClaw, with 438 downloads so far.

How do I install Red Team?

Run "/install red-team" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Red Team free?

Yes, Red Team is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Red Team support?

Red Team is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Red Team?

It is built and maintained by retrodigio (@retrodigio); the current version is v1.0.0.