Total downloads: 102
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install redteam
Description
Proactively scan AI agents for vulnerabilities including prompt injection, secret extraction, and tool abuse by running targeted security audits.
Security usage recommendations
This skill currently appears incomplete and inconsistent with its description. Before installing or running it: 1) Ask the publisher for the missing agent_redteam package or the full source for repo_scanner and review it for network calls and credential access. 2) Do not run the skill against production or sensitive agents — run it in an isolated sandbox first. 3) Be wary of the code altering sys.path to import from parent directories (this can cause the skill to execute unrelated host code). 4) Require documentation or a homepage and verify the owner identity; if those cannot be provided, treat the skill as untrusted and avoid giving it access to any secrets or production agents.
Capability assessment
Purpose & Capability
The SKILL.md and metadata claim full red-team capabilities (prompt injection detection, secret extraction, tool abuse). The bundled main.py does not implement those features: the 'scan' subcommand only prints 'Found 0 issues', and the repo-scanning behavior delegates to an external module (agent_redteam.repo_scanner) that is not included. The advertised capabilities are not implemented in the provided files.
Instruction Scope
Runtime instructions tell users to run '@redteam scan <agent-id>' to start a security scan, but the implementation does not perform any agent scanning. main.py modifies sys.path to import agent_redteam from two levels up, which means the skill expects to load code from the host environment — a scope expansion not documented in SKILL.md. That external import could access unrelated code or data.
Install Mechanism
No install spec is present (instruction-only plus a single Python script). Nothing is written to disk by an installer, which lowers supply-chain risk. However, the lack of a packaged dependency for agent_redteam means functionality is incomplete or relies on out-of-band components.
Credentials
The skill declares no required environment variables or credentials, which is reasonable for a scanner. However, the code's sys.path manipulation to import agent_redteam from parent directories effectively asks to load code from the agent host filesystem; that can provide access to other modules or files and should be justified. No explicit credentials are requested but host code access increases risk.
Persistence & Privilege
The skill does not request always:true, does not claim persistent presence, and does not modify agent config in the provided files. Autonomous invocation is allowed by default but is not combined with other privilege-escalating flags.
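How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install redteam
- Once installation completes, invoke the Skill by name or trigger it with /redteam
- Provide the required inputs according to the Skill's parameter documentation to get structured output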
Version history
v0.1.0
- Initial release of the redteam skill.
- Added proactive AI agent security scanning features.
- Supports prompt injection detection, secret extraction, and tool abuse audits.
- Command to scan: @redteam scan [agent-id].
- Includes help command for listing audit types.
Metadata
FAQ
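What is Red Team?
Proactively scan AI agents for vulnerabilities including prompt injection, secret extraction, and tool abuse by running targeted security audits. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 102 downloads to date.
How do I install Red Team?
Run the command "/install redteam" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Red Team free?
Yes, Red Team is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does Red Team support?
Red Team runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who develops Red Team?
It is developed and maintained by Yao Li (@yao23); the current version is v0.1.0.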