Total downloads: 620 | Favorites: 0 | Current installs: 3 | Versions: 1
Install in OpenClaw
/install redpincer
Description
AI/LLM red team testing skill. Point at any LLM API endpoint and run automated security assessments. 160+ attack payloads across prompt injection, jailbreak,...
Safe usage recommendations
This skill appears to be a red-team tool, but it carries several red flags you should address before running it:
1) Verify provenance. The registry entry has no homepage and its source is listed as 'unknown'; inspect the GitHub repo (https://github.com/rustyorb/pincer) yourself.
2) Do not run `npm ci` or `npm run dev` until you have reviewed package.json, every script it defines, and the dependency list. Run the tool in an isolated environment (container or VM) as a non-root user.
3) SKILL.md uses `git clone`, but the metadata does not list git as a requirement. Make sure your environment matches the actual instructions, or adjust the instructions.
4) The docs claim the tool is 'all client-side' yet instruct you to start a Next.js server (`npx next start -H 0.0.0.0`). Confirm whether API keys are ever proxied server-side, and avoid binding to 0.0.0.0 on untrusted networks; prefer a localhost-only bind or a browser-only build.
5) If you must test, run initial scans (`npm audit`, static analysis) and host the app in a sandbox before supplying any real API keys; use throwaway keys or scope-limited accounts.
6) Make sure you have explicit authorization to test any target system; this tool is for authorized testing only.
For a safer evaluation, provide the repository URL and package.json so the code can be reviewed for network calls, telemetry, and server-side behavior.
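Points 2, 4 and 5 above amount to a pre-install review of the cloned project before any npm script runs. The script below is an added example of that review, written here for this page; it is not code from RedPincer, the pincer repository, or OpenClaw. It greps a package.json for the three things a reviewer wants to see first: install-time lifecycle scripts (which npm executes automatically during `npm ci`), a server bound to 0.0.0.0, and dependencies pulled from git, URLs or local paths rather than the registry. The package.json it writes is constructed for illustration and does not describe the real project; the function names and the sample file path are this example's own.

```sh
#!/bin/sh
# Pre-install audit for a cloned Node.js project before running `npm ci` / `npm run dev`.
# Added example; not part of RedPincer or OpenClaw. The package.json written by
# write_sample is constructed for illustration and is not the real project's file.

# Emit one tagged line per finding. Every check is a plain grep over the file,
# so nothing from the project executes while you review it.
audit_package_json() {
  pkg="$1"
  # npm runs these scripts automatically during `npm ci` / `npm install`:
  # they are arbitrary code execution at install time.
  grep -E '"(preinstall|install|postinstall|prepare)"[[:space:]]*:' "$pkg" \
    | sed 's/^/lifecycle-script:/'
  # A server bound to 0.0.0.0 listens on every interface, exposing the UI (and
  # any key it proxies) to the network despite an "all client-side" claim.
  grep -E '0\.0\.0\.0' "$pkg" \
    | sed 's/^/bind-all-interfaces:/'
  # Dependencies fetched from git, a URL or a local path bypass the registry
  # integrity metadata recorded in package-lock.json.
  grep -E '"[^"]+"[[:space:]]*:[[:space:]]*"(git\+|github:|https?://|file:)' "$pkg" \
    | sed 's/^/non-registry-dep:/'
}

# Number of findings, usable as a gate in a wrapper script (0 means clean).
count_findings() {
  audit_package_json "$1" | wc -l | tr -d ' '
}

# Constructed sample that trips all three checks once each.
write_sample() {
  cat > "$1" <<'EOF'
{
  "name": "sample-app",
  "scripts": {
    "postinstall": "node scripts/setup.js",
    "dev": "next dev -H 0.0.0.0",
    "start": "next start"
  },
  "dependencies": {
    "next": "14.2.3",
    "some-helper": "git+https://example.invalid/helper.git"
  }
}
EOF
}

sample="${TMPDIR:-/tmp}/pkg-audit-sample.json"
write_sample "$sample"
audit_package_json "$sample"
echo "findings: $(count_findings "$sample")"
```

Run it against the real file with `audit_package_json path/to/pincer/package.json` after cloning. If the findings are acceptable, record the reviewed commit (`git rev-parse HEAD`) so later runs use the same code, install with `npm ci --ignore-scripts` so lifecycle scripts do not run unreviewed, and start the UI with `npx next start -H 127.0.0.1` rather than `-H 0.0.0.0` so it is reachable only from the host.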
Capability analysis
Type: OpenClaw Skill
Name: redpincer
Version: 1.0.0
The skill bundle is classified as suspicious because it instructs the OpenClaw agent to install a 'red team testing skill' (RedPincer) via `git clone` and `npm ci` commands specified in `SKILL.md`. While the `SKILL.md` explicitly states the tool is 'For authorized security testing and research only' and claims API keys stay local, the installed tool's capabilities include 'prompt injection, jailbreak, data extraction, and guardrail bypass' against target LLMs. The installation process itself involves shell execution, network access (to GitHub and npm registry), and file system modifications, which are risky capabilities. Although there's no direct evidence of malicious intent from the skill bundle's instructions (e.g., exfiltrating user data or prompt injection against the OpenClaw agent), the installation of a powerful red-teaming tool with such capabilities warrants a 'suspicious' classification due to the inherent potential for misuse and the broad system permissions required for its setup.
Capability assessment
Purpose & Capability
The declared purpose (red-team testing of LLM endpoints) matches the instructions to provide an endpoint and API key and run attacks. However, SKILL.md instructs cloning and running a GitHub project (npm ci, npm run dev) while metadata only requires node and npm — it omits git even though git clone is used. The companion autonomous tool (RedClaw) is mentioned, which expands scope and should be explicit in metadata if intended.
Instruction Scope
The SKILL.md tells users/agents to clone an external repo and run npm scripts that will execute unreviewed code. It asks for LLM endpoints and API keys (expected) but also instructs running a Next.js server with -H 0.0.0.0, which can expose a web UI and potentially keys to the network. The file claims 'All client-side — your API keys stay local' yet instructs starting server components — this is a contradictory instruction that affects where credentials live and how requests may be proxied.
Install Mechanism
No formal install spec is provided; instead SKILL.md recommends cloning https://github.com/rustyorb/pincer and running npm ci / npm run dev. That is effectively an install-from-GitHub workflow without integrity checks. Cloning and running unvetted third-party code presents a high install risk (arbitrary code executed via npm scripts).
Credentials
The skill declares no required env vars, which is consistent with an interactive UI, but it expects users to supply LLM endpoints and API keys at runtime. The SKILL.md claims keys remain local, yet running a server on 0.0.0.0 or using server-side Next.js could cause keys to be used or proxied server-side. The skill does not explain where keys are stored or whether they are ever transmitted to third parties; that lack of clarity is disproportionate to the declared 'client-side' guarantee.
Persistence & Privilege
`always` is false and the skill does not request persistent system-level privileges. Autonomous invocation is allowed (the default), which is normal. The companion RedClaw autonomous agent mentioned in the docs indicates potential for automated attack campaigns if the user later installs or uses that tool; be aware of that capability, but by itself it is not a privilege escalation.
How to use
- Make sure OpenClaw is installed (locally or via Docker).
- Enter the install command in the chat box: /install redpincer
- After installation, call the Skill by name directly or trigger it with /redpincer.
- Provide the required inputs described in the Skill's parameter documentation to get structured output.
Version history
v1.0.0
Initial release. 160+ attack payloads, 20 variant transforms, adaptive attack engine, heuristic analysis, vulnerability heatmaps, regression testing. For authorized security testing only.
FAQ
What is RedPincer — AI Red Team Suite?
AI/LLM red team testing skill. Point at any LLM API endpoint and run automated security assessments. 160+ attack payloads across prompt injection, jailbreak,... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 620 downloads to date.
How do I install RedPincer — AI Red Team Suite?
Run the command "/install redpincer" in the OpenClaw or Claude Code chat box to install it. Note that the skill's own SKILL.md then instructs the agent to clone the GitHub repository and run npm, so review the safe usage recommendations above before proceeding.
Is RedPincer — AI Red Team Suite free?
Yes, RedPincer — AI Red Team Suite is free (open source) and can be downloaded, installed, and used without charge.
Which platforms does RedPincer — AI Red Team Suite support?
RedPincer — AI Red Team Suite is cross-platform and runs in any environment where OpenClaw / Claude Code is deployed.
Who develops RedPincer — AI Red Team Suite?
It is developed and maintained by rustyorb (@rustyorb); the current version is v1.0.0.