Run any Skill in Manus with one click

$pwd:

ship-safe-red-team

Name: Ship Safe Red Team
Author: asamassekou10

// Run a multi-agent red team scan — 16 specialized security agents scan for 80+ attack classes including injection, auth bypass, SSRF, supply chain, Supabase RLS, MCP security, agentic AI, RAG poisoning, PII compliance, and more. Use when the user wants a deep security analysis beyond just secrets.

Run Skill in Manus

$ git log --oneline --stat

stars:712

forks:80

updated:March 17, 2026 at 04:32

SKILL.md

readonly

name	ship-safe-red-team
description	Run a multi-agent red team scan — 16 specialized security agents scan for 80+ attack classes including injection, auth bypass, SSRF, supply chain, Supabase RLS, MCP security, agentic AI, RAG poisoning, PII compliance, and more. Use when the user wants a deep security analysis beyond just secrets.
argument-hint	[path] [--agents <list>]

Ship Safe — Red Team Scan

You are running a multi-agent red team scan using Ship Safe's 13 security agents.

Step 1: Run the red team scan

npx ship-safe@latest red-team $ARGUMENTS --json --no-ai 2>/dev/null

If $ARGUMENTS is empty, default to .:

npx ship-safe@latest red-team . --json --no-ai 2>/dev/null

If the user wants specific agents only, use the --agents flag:

npx ship-safe@latest red-team . --agents injection,auth,ssrf --json --no-ai 2>/dev/null

Available agents: injection, auth, ssrf, supply-chain, config, llm, mobile, git-history, cicd, api, supabase-rls

Step 2: Parse and present results

The JSON output contains findings from each agent. Present results grouped by agent:

For each agent that found issues:

Agent name and category (e.g., "InjectionTester — Code Vulnerabilities")
Finding count by severity
Top findings — list critical and high severity findings with:
- File and line number
- Rule name and description
- Code context (if available, show the flagged line with surrounding lines)
- Suggested fix
- Confidence level

Agent summary table

Show a table: Agent | Findings | Critical | High | Medium

Agents with zero findings

List them briefly as clean — this is useful context.

Step 3: Deep dive and remediation

For the most critical findings:

Read the actual source file for full context
Explain the vulnerability in plain language — what could an attacker do?
Offer to fix it with a concrete code change
After fixing, offer to re-run just that agent to verify: npx ship-safe@latest red-team . --agents <agent>

Step 4: Recommendations

Based on the results, suggest:

Which agents to focus on (highest finding count or most critical findings)
Whether to create a baseline (/ship-safe-baseline) for the current state
Framework-specific hardening tips based on detected stack (from recon agent)

Important Notes

The 13 agents are: InjectionTester, AuthBypassAgent, SSRFProber, SupplyChainAudit, ConfigAuditor, SupabaseRLSAgent, LLMRedTeam, MobileScanner, GitHistoryScanner, CICDScanner, APIFuzzer, ReconAgent, ScoringEngine
Agents run in parallel — the scan should complete in under 60 seconds for most projects
Low-confidence findings in test files or documentation are likely false positives
Never display actual secret values

related-skills.json

same repository

ship-safe-hooks.md

from "asamassekou10/ship-safe"

Install ship-safe as real-time Claude Code hooks — blocks secrets and dangerous commands before they land on disk. Use when the user wants automatic security scanning on every file write or bash command.

2026-04-01712

ship-safe-baseline.md

from "asamassekou10/ship-safe"

Manage your security baseline — accept current findings as known debt, then only report new regressions on future scans. Use when the user wants to adopt security scanning incrementally or suppress existing findings.

2026-03-17712

ship-safe-ci.md

from "asamassekou10/ship-safe"

Run Ship Safe in CI mode — compact output, exit codes, SARIF generation. Use when the user wants to set up CI/CD security gates or test their pipeline configuration.

2026-03-17712

ship-safe-deep.md

from "asamassekou10/ship-safe"

Run a deep security audit with LLM-powered taint analysis — regex scan nominates findings, then an LLM verifies taint reachability and exploitability. Use when the user wants thorough, high-confidence results with fewer false positives.

2026-03-17712

ship-safe-fix.md

from "asamassekou10/ship-safe"

Auto-fix security issues — remediate hardcoded secrets and common vulnerabilities (TLS bypass, debug mode, XSS, shell injection, Docker :latest). Use when the user wants to automatically fix security findings.

2026-03-17712

ship-safe-scan.md

from "asamassekou10/ship-safe"

Quick scan for leaked secrets — API keys, passwords, tokens, database URLs. Use when the user wants to check for hardcoded secrets or exposed credentials.

2026-03-17712

package.json

"author": "asamassekou10"

"repository": "asamassekou10/ship-safe"

View GitHub Repository View Creator Repositories

$ install --global

$ download --local

Run Skill in Manus

$ useful --forSOC

Information Security AnalystsComputer and Mathematical Occupations15-1212L4

name	ship-safe-red-team
description	Run a multi-agent red team scan — 16 specialized security agents scan for 80+ attack classes including injection, auth bypass, SSRF, supply chain, Supabase RLS, MCP security, agentic AI, RAG poisoning, PII compliance, and more. Use when the user wants a deep security analysis beyond just secrets.
argument-hint	[path] [--agents <list>]

Ship Safe — Red Team Scan

You are running a multi-agent red team scan using Ship Safe's 13 security agents.

Step 1: Run the red team scan

npx ship-safe@latest red-team $ARGUMENTS --json --no-ai 2>/dev/null

If $ARGUMENTS is empty, default to .:

npx ship-safe@latest red-team . --json --no-ai 2>/dev/null

If the user wants specific agents only, use the --agents flag:

npx ship-safe@latest red-team . --agents injection,auth,ssrf --json --no-ai 2>/dev/null

Available agents: injection, auth, ssrf, supply-chain, config, llm, mobile, git-history, cicd, api, supabase-rls

Step 2: Parse and present results

The JSON output contains findings from each agent. Present results grouped by agent:

For each agent that found issues:

Agent name and category (e.g., "InjectionTester — Code Vulnerabilities")
Finding count by severity
Top findings — list critical and high severity findings with:
- File and line number
- Rule name and description
- Code context (if available, show the flagged line with surrounding lines)
- Suggested fix
- Confidence level

Agent summary table

Show a table: Agent | Findings | Critical | High | Medium

Agents with zero findings

List them briefly as clean — this is useful context.

Step 3: Deep dive and remediation

For the most critical findings:

Read the actual source file for full context
Explain the vulnerability in plain language — what could an attacker do?
Offer to fix it with a concrete code change
After fixing, offer to re-run just that agent to verify: npx ship-safe@latest red-team . --agents <agent>

Step 4: Recommendations

Based on the results, suggest:

Which agents to focus on (highest finding count or most critical findings)
Whether to create a baseline (/ship-safe-baseline) for the current state
Framework-specific hardening tips based on detected stack (from recon agent)

Important Notes

The 13 agents are: InjectionTester, AuthBypassAgent, SSRFProber, SupplyChainAudit, ConfigAuditor, SupabaseRLSAgent, LLMRedTeam, MobileScanner, GitHistoryScanner, CICDScanner, APIFuzzer, ReconAgent, ScoringEngine
Agents run in parallel — the scan should complete in under 60 seconds for most projects
Low-confidence findings in test files or documentation are likely false positives
Never display actual secret values

ship-safe-red-team

Ship Safe — Red Team Scan

Step 1: Run the red team scan

Step 2: Parse and present results

For each agent that found issues:

Agent summary table

Agents with zero findings

Step 3: Deep dive and remediation

Step 4: Recommendations

Important Notes

More from this repository

More from this repository

Ship Safe — Red Team Scan

Step 1: Run the red team scan

Step 2: Parse and present results

For each agent that found issues:

Agent summary table

Agents with zero findings

Step 3: Deep dive and remediation

Step 4: Recommendations

Important Notes