← Back to Skills Marketplace

redc

Name: redc
Author: no-github

by r0fus0d · GitHub ↗ · v1.0.3 · MIT-0

macoslinuxwindows ⚠ suspicious

304

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install redc

Description

Red team infrastructure multi-cloud automated deployment tool. Deploy, manage, and monitor cloud instances across Alibaba Cloud, AWS, Tencent Cloud, Volcengi...

Usage Guidance

This tool is a legitimate Terraform-based multi-cloud deployment helper, but exercise caution before using it. Key actions to take before installing or running: 1) Only install the redc binary from the official GitHub releases and verify checksums as instructed. 2) Do not set multiple cloud provider credentials at once; set only the single provider credentials you intend to use and prefer short-lived, scoped credentials or roles. 3) Always inspect templates (main.tf, provisioners, user_data, local-exec) and run terraform plan — templates can run arbitrary commands locally or on instances. 4) Run redc in an isolated environment or throwaway cloud accounts when testing. 5) Be aware metadata under-declares provider env vars (only Alibaba is listed) — the skill can legitimately use many other provider credentials, so double-check which secrets you supply. If you are not comfortable manually auditing Terraform templates or limiting credentials, avoid using this skill or restrict it to a disposable VM/account.

Capability Analysis

Type: OpenClaw Skill Name: redc Version: 1.0.3 The 'redc' skill (SKILL.md) is a multi-cloud deployment tool that manages sensitive cloud credentials and provides remote execution capabilities via 'exec_command' and 'upload_file'. It downloads Terraform templates from an external registry (redc.wgpsec.org) which may contain 'local-exec' or 'remote-exec' provisioners, posing a risk of arbitrary code execution. While the documentation includes explicit safety instructions for the AI agent to inspect templates and run 'plan_case' before deployment, the tool's broad permissions and remote access features constitute significant high-risk behaviors.

Capability Assessment

ℹ Purpose & Capability

Name/description, required binaries (redc, terraform), and the SKILL.md all describe a Terraform-backed multi-cloud deployment tool — those requirements are proportionate to the stated purpose. However, the metadata only lists Alibaba Cloud env vars while the SKILL.md documents many provider-specific env vars (AWS, Azure, Tencent, Volcengine, Huawei, etc.), so the declared required env vars are incomplete compared with the runtime behavior.

⚠ Instruction Scope

SKILL.md instructs the agent/user to run the redc CLI and Terraform and explicitly warns that templates may include 'remote-exec', 'local-exec', and user_data/cloud-init that can run arbitrary code on created instances or the local machine. While the document advises inspecting templates and running terraform plan first, the runtime behavior of applying templates can execute arbitrary commands and potentially access local files or environment variables — this is within the tool's normal purpose but is high-risk and requires manual vetting before use.

✓ Install Mechanism

Instruction-only skill with no install spec and no code files present; it relies on existing binaries (redc and terraform). This is the lowest-risk install mechanism from the platform perspective.

⚠ Credentials

The skill will read sensitive credentials from environment variables or a local config.yaml. Metadata lists only ALICLOUD_ACCESS_KEY and ALICLOUD_SECRET_KEY, but SKILL.md shows many other provider secrets may be used (AWS, Azure, Tencent, etc.). Under-declaring these in metadata is an incoherence: the skill can legitimately need many different provider credentials depending on which provider is used, but the platform metadata does not reflect that. Any required env vars are high-sensitivity (ACCESS_KEY/SECRET) and should be scoped, short-lived, and set only for the single provider in use.

✓ Persistence & Privilege

The skill is not configured as always:true and does not request persistent platform-level privileges. Model invocation is allowed (the default), which is expected for skills. The SKILL.md refers to a local config.yaml managed by redc, which is normal for a CLI tool and does not indicate cross-skill or system-wide privilege escalation.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install redc
After installation, invoke the skill by name or use /redc
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.3

Version 1.0.3 - Clarified credential usage: metadata now declares Alibaba Cloud env vars as an example, with guidance to only configure credentials for the single provider in use. - Updated SKILL.md with a strong security notice: always inspect templates and use `plan_case` before deployment. - Added step-by-step instructions for template safety and auditing. - Expanded documentation on binary verification and MCP server exposure. - Minor improvements to provider/env var documentation for clarity and security best practices.

v1.0.2

redc 1.0.2 - Simplified credential requirements: only set environment variables for the cloud provider you intend to use. - Clarified that no credentials are globally required and separated provider-specific variables. - Added explicit security instructions and best practices for credential safety, template audits, and binary verification. - Updated MCP server exposure guidelines to emphasize local-only usage and network security. - Removed mandatory environment variable listing from metadata for a cleaner setup experience.

v1.0.1

**Adds credential and environment variable requirements to improve security and usability.** - Added explicit documentation for cloud provider credential environment variables and best practices. - Updated skill metadata to require specific environment variables for supported cloud providers. - Added notes that credentials are never sent to third parties, only used locally by Terraform. - No user-facing tool or command changes. Core functionality remains the same. - Version bump from 1.0.0 to 1.0.1.

v1.0.0

Initial release of RedC: multi-cloud automated deployment tool for red team infrastructure. - Deploy, manage, and monitor cloud resources across Alibaba Cloud, AWS, Tencent Cloud, Volcengine, Huawei Cloud, Azure, and more. - Offers both CLI and GUI (desktop app) for case/project management and orchestration. - Supports over 20 management tools: template search/pull, deployment planning, infrastructure up/down, SSH command execution, file transfers, cost estimation, billing, and more. - Integrates with Terraform for infrastructure as code. - Enables case-based and compose-based management for scalable multi-cloud operations.

Metadata

Slug redc

Version 1.0.3

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 4

Frequently Asked Questions

What is redc?

Red team infrastructure multi-cloud automated deployment tool. Deploy, manage, and monitor cloud instances across Alibaba Cloud, AWS, Tencent Cloud, Volcengi... It is an AI Agent Skill for Claude Code / OpenClaw, with 304 downloads so far.

How do I install redc?

Run "/install redc" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is redc free?

Yes, redc is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does redc support?

redc is cross-platform and runs anywhere OpenClaw / Claude Code is available (macos, linux, windows).

Who created redc?

It is built and maintained by r0fus0d (@no-github); the current version is v1.0.3.

More Skills