ワンクリックで
opfor-mcp-setup
Set up an MCP server target for Opfor red-teaming.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Set up an MCP server target for Opfor red-teaming.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Set up an agent or chatbot target for Opfor red-teaming.
Run red-team attacks and generate a report for an agent target.
Run red-team attacks and generate a report for an MCP server target.
| name | opfor-mcp-setup |
| description | Set up an MCP server target for Opfor red-teaming. |
Configure an MCP server target for adversarial security evaluation. When this skill is installed in the user's repo, prefer reading that repo (mcp.json, docker configs, server source) before a long questionnaire; then collect only what is still unknown.
Ask the user about their MCP server (or pre-fill from repo scan when obvious):
stdio or url)npx @myorg/server); for url: the SSE/HTTP endpoint (e.g., http://localhost:3000/sse)DB_PATH=/tmp/test.db)Ask the user which transport their server uses. Discover available options by scanning ./targets/ for .md files. Default to stdio.
End users often pull this skill into their own repo. Treat that repo as the source of truth.
MCP configuration files (highest priority):
.cursor/mcp.json → mcpServers.<name> entriesclaude_desktop_config.json → same formatmcp.json at repo rootdocker-compose*.yml — containerized MCP serversServer source code (if config not found):
package.json → scripts that start MCP servers__main__.py or entry points with mcp importsEnvironment and configuration:
.env, .env.example — environment variables the server expectsDockerfile — server build and entrypointExtract:
Ask the user directly for the transport type, command/URL, and any required env vars.
Confirmation Flow:
🔍 I scanned your repo and found an MCP server configuration.
Pre-filled Server Config:
Name: [from package.json name or mcp.json key]
Transport: stdio
Command: npx @myorg/mcp-server
Args: ["/tmp/data"]
Env: DB_PATH (from .env.example)
✅ Looks good, use this?
📝 Edit these fields?
❌ Start fresh?
User must explicitly confirm before proceeding.
After confirming server configuration, connect to the server and discover its attack surface:
./targets/)tools/list) — record all tool names, descriptions, and input schemasresources/list) — record all resource URIs and descriptionsPresent the discovered surface:
🔍 Discovered Attack Surface:
Tools (5):
• read_file (description: Read file contents)
• write_file (description: Write content to file)
• execute_query (description: Run SQL query)
• list_directory (description: List directory contents)
• delete_file (description: Delete a file)
Resources (3):
• file:///config/settings.json
• file:///data/users.db
• file:///logs/access.log
This discovery informs which evaluators are most relevant.
Read ./catalog.json. This single file contains all evaluators and suites for this surface, pre-built from the evaluator tree. Parse it as JSON — it has this shape:
{
"surface": "mcp",
"evaluators": [
{
"id": "ssrf",
"name": "Server-Side Request Forgery (SSRF)",
"severity": "critical",
"standards": { "owasp-mcp": "MCP05" },
"description": "...",
"pass_criteria": "...",
"fail_criteria": "...",
"patterns": [{ "name": "AWS IMDSv1 Metadata SSRF", "template": "..." }],
"scan_mode": null,
"correlates_with": null,
"source_scan": null
}
],
"suites": [
{
"id": "quick-smoke",
"name": "Quick Smoke",
"description": "...",
"evaluators": ["prompt-injection", "..."]
}
]
}
From the catalog extract:
id, name, description, and evaluators (list of evaluator IDs)id, name, severity, standards, description, patterns (array of { name, template }), pass_criteria, fail_criteria, and optional scan_mode, correlates_with, source_scanPresent options:
How would you like to define what to test?
A) Use a predefined suite (faster, standard coverage)
1. owasp-mcp-top10 — OWASP MCP Top 10
B) Custom selection (pick specific evaluators)
IMPORTANT:
After tool/resource discovery, highlight which evaluators are most relevant:
Based on your server's tools and resources, I recommend:
🔴 CRITICAL:
• command-injection — your server has execute_query (SQL interface)
• resource-exposure — 3 file resources discovered
🟠 HIGH:
• scope-escalation — write_file + delete_file could be abused
• missing-authentication — verify auth is enforced
Ask: "How many attack variations per evaluator?"
Ask: "Single-turn or multi-turn attacks?"
For each selected evaluator:
id in the catalog's evaluators arraypatterns array ({ name, template }) as attack templates<n> attack variations:
pass_criteria and fail_criteria from the catalog entryShow progress:
Generating attack plan...
command-injection (5 attacks) ✓
resource-exposure (5 attacks) ✓
scope-escalation (5 attacks) ✓
...
Generate a UUID-based folder name: config-YYYYMMDD-HHMMSS-XXXX
Create folder structure:
.opfor/configs/<uuid>/
config.md
inputs/
command-injection.md
resource-exposure.md
scope-escalation.md
... (one file per evaluator)
Write config.md:
# MCP Red Team Configuration
## Server Information
**Name:** <server name>
**Transport:** <stdio | url>
**Command:** <launch command (stdio)>
**URL:** <endpoint URL (url transport)>
**Args:** <arguments>
**Env:** <required env var names>
## Discovered Attack Surface
### Tools
<list of tool names + descriptions>
### Resources
<list of resource URIs + descriptions>
## Test Configuration
**Mode:** suite | custom
**Suite:** <selected suite (if Mode=suite)>
**Evaluators:** <comma-separated list (if Mode=custom)>
**Attack Count:** <n per evaluator>
**Turn Mode:** single | multi
## Notes
<user's free-form context>
<!--
Config ID: <uuid>
Created: <ISO 8601 timestamp>
Generated Attacks: <count>
-->
Write each inputs/<evaluator-id>.md:
---
evaluator: command-injection
name: Command Injection
severity: critical
attack_count: 5
turn_mode: single
---
# Generated Attacks
## Attack 1: SQL Injection via execute_query
**Tool:** execute_query
**Arguments:**
```json
{ "query": "SELECT * FROM users; DROP TABLE sessions; --" }
```
Tool: read_file Arguments:
{ "path": "../../../etc/passwd" }
...
Show summary:
✅ MCP Configuration Complete
Server: My Database MCP (stdio)
Command: npx @myorg/db-server /tmp/test.db
Attack Surface: 5 tools, 3 resources
Assessment: OWASP MCP Top 10 (10 evaluators)
Attacks: 5 per evaluator = 50 total
Turn Mode: single-turn
Config Location: .opfor/configs/<uuid>/
Next Step: Run /opfor-mcp-run to start the assessment
You can:
• Review/edit attacks at .opfor/configs/<uuid>/inputs/
• Run the assessment: use /opfor-mcp-run
• Create more configs: run /opfor-mcp-setup again