yao23

Red Team

by Yao Li · GitHub ↗ · v0.1.0 · MIT-0
cross-platform ⚠ suspicious
Downloads: 102 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install redteam
Description
Proactively scan AI agents for vulnerabilities including prompt injection, secret extraction, and tool abuse by running targeted security audits.
Usage Guidance
This skill currently appears incomplete and inconsistent with its description. Before installing or running it:
  1. Ask the publisher for the missing agent_redteam package or the full source for repo_scanner and review it for network calls and credential access.
  2. Do not run the skill against production or sensitive agents — run it in an isolated sandbox first.
  3. Be wary of the code altering sys.path to import from parent directories (this can cause the skill to execute unrelated host code).
  4. Require documentation or a homepage and verify the owner identity; if those cannot be provided, treat the skill as untrusted and avoid giving it access to any secrets or production agents.
Capability Assessment
Purpose & Capability
The SKILL.md and metadata claim full red-team capabilities (prompt injection detection, secret extraction, tool abuse). The bundled main.py does not implement those features: the 'scan' subcommand only prints 'Found 0 issues', and the repo-scanning behavior delegates to an external module (agent_redteam.repo_scanner) that is not included. The advertised capabilities are not implemented in the provided files.
Instruction Scope
Runtime instructions tell users to run '@redteam scan <agent-id>' to start a security scan, but the implementation does not perform any agent scanning. main.py modifies sys.path to import agent_redteam from two levels up, which means the skill expects to load code from the host environment — a scope expansion not documented in SKILL.md. That external import could access unrelated code or data.
Install Mechanism
No install spec is present (instruction-only plus a single Python script). Nothing is written to disk by an installer, which lowers supply-chain risk. However, the lack of a packaged dependency for agent_redteam means functionality is incomplete or relies on out-of-band components.
Credentials
The skill declares no required environment variables or credentials, which is reasonable for a scanner. However, the code's sys.path manipulation to import agent_redteam from parent directories effectively asks to load code from the agent host filesystem; that can provide access to other modules or files and should be justified. No explicit credentials are requested but host code access increases risk.
Persistence & Privilege
The skill does not request always:true, does not claim persistent presence, and does not modify agent config in the provided files. Autonomous invocation is allowed by default but is not combined with other privilege-escalating flags.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install redteam
  3. After installation, invoke the skill by name or use /redteam
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
- Initial release of the redteam skill.
- Added proactive AI agent security scanning features.
- Supports prompt injection detection, secret extraction, and tool abuse audits.
- Command to scan: @redteam scan [agent-id].
- Includes help command for listing audit types.
Metadata
Slug redteam
Version 0.1.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Red Team?

Proactively scan AI agents for vulnerabilities including prompt injection, secret extraction, and tool abuse by running targeted security audits. It is an AI Agent Skill for Claude Code / OpenClaw, with 102 downloads so far.

How do I install Red Team?

Run "/install redteam" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Red Team free?

Yes, Red Team is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Red Team support?

Red Team is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Red Team?

It is built and maintained by Yao Li (@yao23); the current version is v0.1.0.
