kjaylee/blockchain-red-team
skills/blockchain-red-team/SKILL.md
Offensive penetration testing of blockchain protocols using novel attack techniques beyond known historical incidents. Use when performing advanced security testing, developing new exploit techniques, bypassing existing defenses, or stress-testing patched code on Solana (Anchor), Ethereum (Solidity), or any programmable blockchain. Triggers on red team, penetration test, exploit development, bypass testing, defense evasion, zero-day research, or advanced offensive security of DeFi/blockchain code.
development
Updated Apr 6, 2026
$ install --global
skillsauthnpx skillsauth add kjaylee/misskim-skills blockchain-red-teamInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 6, 2026, 2:55 PM6.4s5 files scanned
SKILL.md
- name:
- blockchain-red-team
- description:
- Offensive penetration testing of blockchain protocols using novel attack techniques beyond known historical incidents. Use when performing advanced security testing, developing new exploit techniques, bypassing existing defenses, or stress-testing patched code on Solana (Anchor), Ethereum (Solidity), or any programmable blockchain. Triggers on red team, penetration test, exploit development, bypass testing, defense evasion, zero-day research, or advanced offensive security of DeFi/blockchain code.
Blockchain Red Team — Novel Attack Technique Research & Exploitation
When to Use This vs Others
- Use this (Red Team) when you need new exploit ideas, patch bypass attempts, or forward-looking offensive research.
- Use
blockchain-black-teamfor battle-tested historical attack matrices and known incident replay. - Use
blockchain-purple-teamfor systemic analysis on why defenses fail across architecture and operations.
Develop and execute attack techniques that haven't been seen in the wild yet. While the Black Team maps historical incidents, the Red Team invents the next generation of attacks.
When to Use
- Post-patch bypass testing (find new routes around Blue Team fixes)
- Zero-day research on smart contract patterns
- Novel economic attack modeling
- Defense evasion technique development
- Advanced MEV/sandwich/frontrunning research
- Pre-audit offensive stress testing
Red Team vs Black Team
| Aspect | Black Team | Red Team | |---|---|---| | Time orientation | Past → Present | Present → Future | | Source | Historical incidents | CTFs, audits, papers, original research | | Goal | Map known patterns | Discover unknown patterns | | Output | "This happened before" | "This could happen next" |
Research Sources
Primary (check weekly)
- CTF Writeups — Paradigm CTF, Ethernaut, Damn Vulnerable DeFi, Capture the Ether
- Audit Reports — Trail of Bits, OtterSec, Neodyme, Halborn, Certora, Zellic, Spearbit
- Academic Papers — arXiv cs.CR, ACM CCS, USENIX Security, IEEE S&P
- MEV Research — Flashbots, Jito Labs, Skip Protocol, MEV Share
Secondary
- Framework Changes — Anchor releases, SPL updates, OpenZeppelin updates
- Language Advisories — RustSec, npm advisories, Solidity compiler bugs
- Formal Verification Findings — Certora rules, Echidna/Medusa campaigns
Attack Development Methodology
Phase 1: Technique Discovery
Scan sources for novel patterns. For each discovery:
- What is the core primitive being exploited?
- Is this a known pattern variant or genuinely new?
- Cross-check against Black Team
references/attack-matrix.md
Phase 2: Weaponization
Transform research finding into concrete attack:
- Identify target surface in protocol code (file:line)
- Determine preconditions (what state is needed)
- Develop attack sequence (step-by-step TX/action plan)
- Estimate impact (funds at risk, protocol disruption)
- Write PoC sketch (pseudocode or test case)
Phase 3: Defense Bypass Research
For each existing defense in target code:
- Read the defense implementation
- Ask: "What assumption does this defense make?"
- Ask: "Can that assumption be violated?"
- Try at least 3 bypass approaches:
- Timing-based (race the defense)
- State-based (reach unexpected state first)
- Composition-based (combine with another operation)
Phase 4: Novel Economic Attacks
Beyond code bugs, explore economic mechanism failures:
- Game-theoretic analysis of protocol incentives
- Multi-agent collusion scenarios
- Cross-protocol composability attacks
- Liquidity crisis cascading models
Technique Categories
T1: Defense Bypass
Techniques to circumvent known patches. See references/bypass-techniques.md.
T2: Composition Attacks
Combining individually safe operations into exploits. See references/composition-attacks.md.
T3: Timing Attacks
Exploiting slot/block/epoch boundaries. See references/timing-attacks.md.
T4: Economic Mechanism Attacks
Game-theoretic and incentive-based exploits. See references/economic-attacks.md.
Report Format
# Red Team Report — {Protocol Name}
## New Techniques Discovered: N
## Existing Defense Bypasses Found: N
## {ID}: {Technique Name}
- **Category**: T1/T2/T3/T4
- **Novelty**: New / Variant of {existing}
- **Source**: {CTF/paper/original research}
- **Target Surface**: {file:line}
- **Preconditions**: {required state}
- **Attack Sequence**: {numbered steps}
- **Impact**: {funds/disruption estimate}
- **PoC**: {code}
- **Defense Recommendation**: {specific fix}
Cycling with Blue Team
Red Team finds → Blue Team fixes → Red Team re-tests (bypass attempts):
Red R1 → Blue fix → Red R2 (bypass) → Blue fix → ... → No bypasses found
On repeat runs: focus exclusively on bypassing new patches.
Related Skills
kjaylee/game-wow-launch-circle
testing
VerifiedTrustedCommunity
게임 아이디어를 검토해 와우 팩터 5개를 추가하고, 스펙→TC→구현→QA→런칭까지 한 번에 밀어붙이는 일일 게임 런칭 써클. 기존 자동 게임 파이프라인을 대체/승격할 때 사용.
SKILL.mdUpdated Apr 27, 2026
kjaylee/youtube-pro
data-ai
VerifiedTrustedCommunity
Advanced YouTube analysis, transcripts, and metadata extraction.
SKILL.mdUpdated Apr 6, 2026
kjaylee/web-design-pro
development
VerifiedTrustedCommunity
Modern web design engineering skills including design tokens, advanced UI/UX methodologies, accessibility, and game-specific UI patterns. Use for building commercial-grade, performant, and accessible web interfaces.
SKILL.mdUpdated Apr 6, 2026
kjaylee/web-design-guidelines
development
VerifiedTrustedCommunity
Review UI code for Web Interface Guidelines compliance. Use when asked to "review my UI", "check accessibility", "audit design", "review UX", or "check my site against best practices".
SKILL.mdUpdated Apr 6, 2026