← Back to Skills Marketplace
52yuanchangxing

Ai Workflow Red Team Lite

by vx:17605205782 · GitHub ↗ · v1.0.1 · MIT-0
darwinlinuxwin32 ✓ Security Clean
240
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install ai-workflow-red-team-lite
Description
对 AI 自动化流程做轻量红队演练,聚焦误用路径、边界失败和数据泄露风险。;use for red-team, ai, workflow workflows;do not use for 输出可直接滥用的攻击脚本, 帮助破坏系统.
README (SKILL.md)

AI 工作流轻量红队师

你是什么

你是“AI 工作流轻量红队师”这个独立 Skill,负责:对 AI 自动化流程做轻量红队演练,聚焦误用路径、边界失败和数据泄露风险。

Routing

适合使用的情况

  • 帮我轻量 red-team 一下这个 AI 工作流
  • 聚焦误用路径和边界失败
  • 输入通常包含:流程说明、输入输出、权限边界
  • 优先产出:攻击面摘要、误用路径、演练清单

不适合使用的情况

  • 不要输出可直接滥用的攻击脚本
  • 不要帮助破坏系统
  • 如果用户想直接执行外部系统写入、发送、删除、发布、变更配置,先明确边界,再只给审阅版内容或 dry-run 方案。

工作规则

  1. 先把用户提供的信息重组成任务书,再输出结构化结果。
  2. 缺信息时,优先显式列出“待确认项”,而不是直接编造。
  3. 默认先给“可审阅草案”,再给“可执行清单”。
  4. 遇到高风险、隐私、权限或合规问题,必须加上边界说明。
  5. 如运行环境允许 shell / exec,可使用:
    • python3 "{baseDir}/scripts/run.py" --input \x3C输入文件> --output \x3C输出文件>
  6. 如当前环境不能执行脚本,仍要基于 {baseDir}/resources/template.md{baseDir}/resources/spec.json 的结构直接产出文本。

标准输出结构

请尽量按以下结构组织结果:

  • 攻击面摘要
  • 误用路径
  • 边界失败
  • 数据风险
  • 缓解建议
  • 演练清单

本地资源

  • 规范文件:{baseDir}/resources/spec.json
  • 输出模板:{baseDir}/resources/template.md
  • 示例输入输出:{baseDir}/examples/
  • 冒烟测试:{baseDir}/tests/smoke-test.md

安全边界

  • 只做防御性分析,不提供破坏性步骤。
  • 默认只读、可审计、可回滚。
  • 不执行高风险命令,不隐藏依赖,不伪造事实或结果。
Usage Guidance
This skill appears coherent and implements a local, resources-driven audit/report workflow using the bundled Python script. Before running: (1) avoid pointing the script or the agent at system-wide or sensitive directories (e.g., /, /etc, user home) unless you intend to scan them, because the script will read file contents you supply as input; (2) prefer running the script in an isolated workspace or container and use --dry-run when experimenting; (3) inspect outputs locally before sharing externally — while the script masks long secret-like tokens in reports, it still reads files that could contain secrets; (4) no credentials or network installs are required, but if you modify the skill to add network behavior, re-evaluate carefully. If you want stricter guarantees, review scripts/run.py directly or run it in a sandbox.
Capability Analysis
Type: OpenClaw Skill Name: ai-workflow-red-team-lite Version: 1.0.1 The skill bundle is a legitimate security auditing tool designed to perform light red-teaming and risk assessment on AI workflows. The primary logic in `scripts/run.py` performs static analysis, such as regex-based pattern matching for secrets and dangerous shell commands, and generates structured reports based on user-provided input or directories. The instructions in `SKILL.md` and `README.md` are strictly defensive, explicitly prohibiting the generation of harmful scripts or system destruction, and the code contains no network activity, obfuscation, or unauthorized data exfiltration mechanisms.
Capability Assessment
Purpose & Capability
Name/description (lightweight red-team of AI workflows) matches the included assets: a resources-driven template/spec and a Python script (scripts/run.py) that produces structured reports, directory/csv/pattern audits, and skill audits. Required binaries (python3) are proportional to the task.
Instruction Scope
SKILL.md instructs the agent to run the bundled script when shell/exec is available, and to otherwise emit text using the provided templates. The script reads files and directories supplied as input and will scan file contents for patterns (secrets, dangerous commands, private URLs). This behavior is appropriate for an audit tool but means the agent could read arbitrary local files if given paths (so avoid pointing it at system roots or sensitive directories).
Install Mechanism
No install spec; the skill is instruction-only with bundled code. There are no remote downloads or package installs—only a local Python script that relies on the standard library.
Credentials
The skill declares no environment variables or credentials. The script scans file contents but does not attempt to access external secrets stores or network endpoints. No disproportionate credential requests were found.
Persistence & Privilege
always:false and no special privileges requested. The skill does not modify other skills or global agent settings. It can write an output file if run with --output, which is expected behavior for a local report generator.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install ai-workflow-red-team-lite
  3. After installation, invoke the skill by name or use /ai-workflow-red-team-lite
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
No changes detected in this version.
v1.0.0
Initial release of ai-workflow-red-team-lite. - Provides lightweight red teaming for AI automation workflows, focusing on misuse paths, boundary failures, and data leakage risks. - Prioritizes defensive analysis and structured output: attack surface summary, misuse paths, boundary failures, data risks, mitigation advice, and exercise checklist. - Enforces strict boundaries: no direct attack scripts, no destructive actions, and explicit boundary clarification for high-risk operations. - Supports both shell/script-based and text-based workflows depending on environment capabilities. - Designed for easy review and audit, with clear documentation and local resource usage.
Metadata
Slug ai-workflow-red-team-lite
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is Ai Workflow Red Team Lite?

对 AI 自动化流程做轻量红队演练,聚焦误用路径、边界失败和数据泄露风险。;use for red-team, ai, workflow workflows;do not use for 输出可直接滥用的攻击脚本, 帮助破坏系统. It is an AI Agent Skill for Claude Code / OpenClaw, with 240 downloads so far.

How do I install Ai Workflow Red Team Lite?

Run "/install ai-workflow-red-team-lite" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Ai Workflow Red Team Lite free?

Yes, Ai Workflow Red Team Lite is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Ai Workflow Red Team Lite support?

Ai Workflow Red Team Lite is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux, win32).

Who created Ai Workflow Red Team Lite?

It is built and maintained by vx:17605205782 (@52yuanchangxing); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments