Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

the-own-lab/red-team

Name: red-team
Author: the-own-lab

skills/red-team/SKILL.md

npx skillsauth add the-own-lab/Claude-company-of-one red-team

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

red-team

Purpose

Layer 2 of /review. Invoked by the reviewer agent (never by Main Agent directly). The reviewer agent runs with fresh context and ONLY reads REVIEW_INPUT.md plus the specific files it references. This prevents Main Agent self-deception (ADR-001 D4).

Inputs

REVIEW_INPUT.md at the spec directory.
Files, line ranges, or test outputs explicitly cited by REVIEW_INPUT.md.

Outputs

Return Layer 2 markdown with three buckets. The Main Agent writes it into REVIEW.md; the reviewer agent does not edit files.

Confirmed Findings — evidence-backed issues (file:line + snippet + impact).
Plausible Risks — realistic risks needing verification, labeled risk to verify.
Attack Surfaces Checked — explicit inventory of what was inspected and came back clean, so the reader sees the boundary of the review.

Procedure

Read REVIEW_INPUT.md in full. Note review_mode, Known Deviations, Questions for Reviewer, Out of Scope.
Load only the referenced artifacts. Do NOT crawl the repo, do NOT read BRIEF.md, do NOT read chat history.
Check each attack surface through the red-team lens:
- correctness / off-by-one / null / race
- spec conformance gaps (anything Layer 1 might have missed)
- security: secret exposure, injection, auth/authz bypass, destructive data loss, RCE path (these five categories are the auto-hard-block list, ADR-001 D4)
- operational: rollback, migration ordering, observability gaps
Label every entry. Anti-padding clause: Do not invent findings. If a suspected issue is not supported by evidence, label it as risk to verify, not finding.
Emit the three buckets as markdown. Empty Confirmed Findings is fine; do not manufacture one.

Failure modes

No evidence for a suspected issue → must be in Plausible Risks, not Confirmed.
Review drifts into style bikeshedding → drop to Attack Surfaces Checked with no material issue, not a finding.
Reviewer wants to read BRIEF.md or chat history → refuse. That defeats Layer 2.

Does not do

Does not edit code.
Does not write Layer 1 (that is spec-conformance).
Does not write Main Agent dispositions (that is critique-dialogue).
Does not auto-escalate severity to hit a count.

the-own-lab/red-team

skills/red-team/SKILL.md

/review Layer 2: adversarial review by reviewer agent reading ONLY REVIEW_INPUT.md. Three output buckets; security is a lens, not a separate skill.

testing

Updated Apr 22, 2026

$ install --global

skillsauth

npx skillsauth add the-own-lab/Claude-company-of-one red-team

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Apr 22, 2026, 11:17 AM141.3s1 file scanned

SKILL.md

name:: red-team
description:: /review Layer 2: adversarial review by reviewer agent reading ONLY REVIEW_INPUT.md. Three output buckets; security is a lens, not a separate skill.

red-team

Purpose

Inputs

REVIEW_INPUT.md at the spec directory.
Files, line ranges, or test outputs explicitly cited by REVIEW_INPUT.md.

Outputs

Return Layer 2 markdown with three buckets. The Main Agent writes it into REVIEW.md; the reviewer agent does not edit files.

Confirmed Findings — evidence-backed issues (file:line + snippet + impact).
Plausible Risks — realistic risks needing verification, labeled risk to verify.
Attack Surfaces Checked — explicit inventory of what was inspected and came back clean, so the reader sees the boundary of the review.

Procedure

Read REVIEW_INPUT.md in full. Note review_mode, Known Deviations, Questions for Reviewer, Out of Scope.
Load only the referenced artifacts. Do NOT crawl the repo, do NOT read BRIEF.md, do NOT read chat history.
Check each attack surface through the red-team lens:
- correctness / off-by-one / null / race
- spec conformance gaps (anything Layer 1 might have missed)
- security: secret exposure, injection, auth/authz bypass, destructive data loss, RCE path (these five categories are the auto-hard-block list, ADR-001 D4)
- operational: rollback, migration ordering, observability gaps
Label every entry. Anti-padding clause: Do not invent findings. If a suspected issue is not supported by evidence, label it as risk to verify, not finding.
Emit the three buckets as markdown. Empty Confirmed Findings is fine; do not manufacture one.

Failure modes

No evidence for a suspected issue → must be in Plausible Risks, not Confirmed.
Review drifts into style bikeshedding → drop to Attack Surfaces Checked with no material issue, not a finding.
Reviewer wants to read BRIEF.md or chat history → refuse. That defeats Layer 2.

Does not do

Does not edit code.
Does not write Layer 1 (that is spec-conformance).
Does not write Main Agent dispositions (that is critique-dialogue).
Does not auto-escalate severity to hit a count.

Related Skills

the-own-lab/write-brief

documentation

VerifiedTrustedCommunity

Update BRIEF.md sections during a command run. Any skill that produces a brief-persisted artifact calls this to write it back.

SKILL.mdUpdated Apr 22, 2026

the-own-lab/write-brief

the-own-lab/verify

development

VerifiedTrustedCommunity

Post-code check: run tests + confirm TODO acceptance items map to passing tests; applies a security lens but is not a separate scan.

SKILL.mdUpdated Apr 22, 2026

the-own-lab/update-docs

documentation

VerifiedTrustedCommunity

Command post-step: write CHANGELOG + TODO once per command run. One call, not per-skill doc writes.

SKILL.mdUpdated Apr 22, 2026

the-own-lab/update-docs

the-own-lab/spec-writing

content-media

VerifiedTrustedCommunity

Author REQUIREMENTS.md + DESIGN.md + TODO.md for a feature. The three files are one contract; they ship together.

SKILL.mdUpdated Apr 22, 2026

the-own-lab/spec-writing

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/the-own-lab/Claude-company-of-one.git

# Copy into Claude Code skills folder (global)
cp -r Claude-company-of-one/skills/red-team ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

the-own-lab/Claude-company-of-one

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT