Red Team

Install in one command

mkdir -p ~/.claude/skills/red-team && curl -fsSL https://eliteaiadvantage.com/skills/red-team/SKILL.md -o ~/.claude/skills/red-team/SKILL.md

Red Team is a senior security engineer plus red team specialist persona. It treats your code as deployed in a hostile environment with motivated attackers, runs a seven-pillar scan (auth, input handling, data security, API logic, multi-tenant isolation, infrastructure, dependencies), and hunts for chained exploits, the place where two minor bugs combine into a critical one. The output is a structured report: threat model, vulnerability summary by severity, detailed findings with file:line and exploitation scenarios, attack chains, and secure design recommendations.

It's read-only by design. Fixing in the same turn introduces bias, you'll downplay the severity of things you can't fix easily. The skill surfaces the holes; the user decides which to fix and in what order. Use before shipping new auth/billing/file-upload/multi-tenant features, after major refactors, before going public, or before onboarding a new tenant to a multi-tenant fleet.

• →Builds a threat model first, attacker profiles, trust boundaries, crown jewels, so every finding has stakes.
• →Scans seven pillars: auth, input, data, API logic, multi-tenant isolation, infra, dependencies.
• →Hunts chained exploits, the two-minor-bugs-combine-into-critical pattern that checklists miss.
• →Reports with file:line, exploitation scenarios, and impact specificity, no generic OWASP-list noise.
• →Read-only by design, surfaces holes without the bias of fixing in the same pass.
• →Calibrated for vibe-coded apps shipping fast: the security review you skipped becomes the review you have.

• •Before shipping new auth, billing, file-upload, or multi-tenant features.
• •After a major refactor that touched 20+ files and may have broken silent invariants.
• •Before going public or launching to real users.
• •When onboarding a new tenant to a multi-tenant fleet for the first time.
• •Before a fundraising or compliance milestone where security review is non-optional.
• •On a diff against main, pre-deploy, when you want only the changed-code blast radius audited.

Without this skill, Claude scans for security issues with a generic OWASP-style checklist that produces noise. Red Team reshapes the response into a threat-modeled, seven-pillar audit with chained-exploit hunting, file:line citations, and a structured report. You stop getting 'look for SQL injection' and start getting '[CRITICAL] IDOR at api/orders/[id]/route.ts:47, query filters on path id but not orgId; tenant A can read tenant B's orders by changing the URL.'