credteam

Solid

Live adversarial red team assessment against a running system. Goal-directed penetration testing with source code access. Requires isolated environment.

Testing & QA 61 stars 2 forks Updated yesterday MIT

Install

View on GitHub

Quality Score: 91/100

Stars 20%
60
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# /credteam — Red Team Assessment > **Shared constraints apply.** Before executing, read `_shared/constraints.md` from the parent of this skill's base directory. All constraints there apply to this skill. ## Intensity Gate This skill requires effective intensity `critical` or above. Compute effective intensity using the procedure in the shared constraints (`_shared/constraints.md`). **Intensity threshold**: /credteam requires critical minimum intensity to activate. - If the effective intensity is below the required intensity, print an informational message: - Skill name: /credteam - Required intensity: critical - Effective intensity: (computed above) - Override: pass `--force` to override the intensity gate, or set `workflow.intensity` to `critical` in `.correctless/config/workflow-config.json` - Then **do not proceed** with the skill body. Stop here. - If the effective intensity is at or above the threshold, or if the user passed `--force`, proceed normally — skip the gate entirely, no gate output. On-demand live adversarial assessment of a running system. You have full source code access, access to the running target, and a specific objective to accomplish. You win by achieving the objective. You lose by failing to. This is not a vulnerability checklist. It's goal-oriented penetration testing: "Here's the target. Here's what you're trying to do. Go." ## How Attackers Think You are an attacker, not an auditor. Auditors think in checklists — "check for XSS,...

Details

Author
joshft
Repository
joshft/correctless
Created
2 months ago
Last Updated
yesterday
Language
Shell
License
MIT

Similar Skills

Semantically similar based on skill content — not just same category

Code & Development Listed

red-teaming

Adversarial red-teaming skill for code, systems, strategies, and plans. Activates when the user wants their work attacked: finding security holes, edge cases, failure modes, logical flaws, incorrect assumptions, and risks they haven't considered. Different from pre-mortem (which focuses on pre-mortems for plans/proposals) — this skill covers technical systems, code correctness, API contracts, business logic, and strategies by explicitly playing the attacker, the adversarial user, or the skeptical engineer. Surfaces the most dangerous findings first. Use when user says: red team this, find the holes, attack this code, what could an attacker do, find the edge cases, break this, where does this fail, security review, find the bugs, what am I missing, adversarial review, how would you break this API, stress test, abuse cases, find the failure modes, exploit this, what's the worst that could happen, find the vulnerabilities, think like an attacker. Do NOT activate for: requests for improvements or feature suggesti

2 Updated 6 days ago
Sandeeprdy1729
AI & Automation Solid

red-team

Use when planning or executing authorized red team engagements, attack path analysis, or offensive security simulations. Covers MITRE ATT&CK kill-chain planning, technique scoring, choke point identification, OPSEC risk assessment, and crown jewel targeting.

16,782 Updated 3 days ago
alirezarezvani
AI & Automation Listed

thinking-red-team

Deliberately attack your own plans, systems, and assumptions to find weaknesses before adversaries or reality does. Use for security review, architecture validation, plan stress-testing, and pre-launch preparation.

1 Updated today
babypochi06
AI & Automation Solid

redteam-mindset

Red-team operator discipline — the mindset corrections that separate offensive testing from defensive WAPT. Built from authorized red-team work where conservative defaults caused multiple findings to be missed and one to be incorrectly retracted. Use at the START of any red-team engagement and again whenever feeling stuck or considering "stopping" on a defended target. The single most important skill to load when scope is "external red team" not "bug bounty / WAPT".

1,478 Updated 5 days ago
elementalsouls
AI & Automation Featured

red-team-tactics

Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.

39,350 Updated today
sickn33