Provide a unified view of the agent's security posture by combining offensive test results (red team) with defensive detection capabilities (blue team). Identify gaps where attacks exist but no detection covers them.
Run on:
| Surface | Components | Example Vectors |
|---|---|---|
| --------- | ----------- | ----------------- |
| CHANNELS | WhatsApp, Telegram, Discord, Slack, Signal, iMessage | Prompt injection, phishing, social engineering |
| SKILLS | All installed SKILL.md files | Malicious instructions, conflicting directives, data theft |
| TOOLS | exec, file system, browser, network | Command injection, path traversal, SSRF |
| MODELS | API endpoints (Anthropic, OpenAI, local) | Prompt injection, model confusion, jailbreak |
| MEMORY | .learnings/, .memory/, session state | Memory poisoning, persistence, false context |
| INTER-AGENT | sessions_send, shared state, cross-session | Agent-to-agent attack, lateral movement |
| SUPPLY CHAIN | ClawHub skills, npm packages, model providers | Typosquatting, compromised packages, model supply chain |
.security/red-team/*.jsonl.security/audits/*.md and firewall logsimpact(1-5) × likelihood(1-5).security/surface-map-YYYY-MM-DD.md| Surface | Vector | Red Tested | Blue Detected | Status | Risk Score | Priority |
|---|---|---|---|---|---|---|
| --------- | -------- | ----------- | --------------- | -------- | ------------ | ---------- |
| Channel | Prompt injection | YES | YES | COVERED | — | — |
| Channel | Encoded payload | YES | PARTIAL | PARTIAL | 12 | HIGH |
| Skill | Malicious SKILL.md | NO | NO | GAP | 20 | CRITICAL |
| Memory | Poisoning | YES | NO | GAP | 16 | HIGH |
| Supply chain | Typosquatting | NO | NO | GAP | 15 | HIGH |
.security/ only共 1 个版本