| name | roadrunner-rlm |
| description | Run the defensive repository scan and optional public-case replay workflow for the RLM Defense Harness. Use when the user wants a Pi-driven repository review, file-ranking pass, focused scan, or safe replay of a checked-in public fix. Never use this skill for exploit generation, payloads, shellcode, or unpublished vulnerability discovery. |
| compatibility | Requires uv, Node 20+, and the configured OpenAI-compatible endpoints for Roadrunner and Coyote. |
# Roadrunner RLM

## Purpose
This skill drives the project-local security harness in defensive mode.
- Roadrunner performs file ranking and recursive scan discovery.
- Coyote dedupes and triages findings.
- Public replay is limited to checked-in manifests for already-public cases.
## Safety rules
- Do not ask for exploit code, weaponization steps, shellcode, or payload construction.
- Do not describe unpublished findings as confirmed vulnerabilities.
- Prefer `needs_human_review` over overclaiming.
- Never mutate the main checkout to perform historical replay.
## Setup

Python:

```bash
cd python
uv sync
```

Pi:

```bash
./scripts/run-pi.sh --help
```
## How to use

From Pi:

```
/security-scan current
/security-scan current src/network
/security-scan current src/network/parser.c --file-budget 1 --rlm-timeout 45
/security-scan public-case published-parser-fix
/coyote-triage scan-<run-id>
/security-status
```

Or call the extension tools directly:

```
roadrunner_scan(mode="current", file_budget=12, focus_paths=["src/network"], use_docker_repl=true)
coyote_triage(report_json_path="scan-<run-id>.json")
verify_case(case_id="published-parser-fix")
triage_findings(report_json_path="scan-<run-id>.json")
```
## Output expectations

- machine-readable JSON report under `<target-repo>/.security-harness/reports/`
- matching Markdown report with maintainer-facing summary
- Coyote decisions persisted back into the same report after `/coyote-triage`
- explicit `No exploit content generated.` marker
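A post-run gate that checks these output expectations before a report is handed to maintainers, as an added example that is not part of the harness or this skill. The page names the report directory, the JSON/Markdown pairing, the `needs_human_review` decision and the exploit-free marker; the JSON keys used here (`findings`, `decision`, `public_reference`, `run_id`, `id`) and the decision values `confirmed` and `dismissed` are assumptions, since the page does not document the report schema. The gate fails closed when the Markdown report or the marker is missing, and flags any finding marked confirmed without a public reference, which the safety rules treat as overclaiming.

```python
"""Post-run gate for RLM Defense Harness report artifacts.

Added example, not code from the harness itself. Every JSON key and
decision value below is an assumption about the report schema.
"""
import json
import tempfile
from pathlib import Path

EXPLOIT_FREE_MARKER = "No exploit content generated."  # marker named on the page
NEEDS_REVIEW = "needs_human_review"  # decision value named on the page


def check_report_pair(json_path: Path) -> dict:
    """Validate one JSON report and its sibling Markdown report.

    Raises ValueError on a hard failure so a CI step can fail closed;
    returns a summary dict otherwise.
    """
    md_path = json_path.with_suffix(".md")
    if not md_path.exists():
        raise ValueError(f"no Markdown report beside {json_path.name}")

    report = json.loads(json_path.read_text())
    md_text = md_path.read_text()

    # The marker must be present verbatim; without it the run has not
    # asserted that it stayed inside the defensive boundary.
    if EXPLOIT_FREE_MARKER not in md_text:
        raise ValueError("exploit-free marker missing from Markdown report")

    decisions: dict = {}
    untriaged = 0
    overclaims = []
    for finding in report.get("findings", []):  # assumed key
        decision = finding.get("decision")  # assumed key, written by coyote-triage
        if decision is None:
            untriaged += 1
            continue
        decisions[decision] = decisions.get(decision, 0) + 1
        # A confirmed verdict with no public reference is an overclaim under
        # the skill's safety rules; surface it for a human instead of passing it.
        if decision == "confirmed" and not finding.get("public_reference"):
            overclaims.append(finding.get("id", "<no id>"))

    return {
        "run_id": report.get("run_id"),  # assumed key
        "untriaged": untriaged,
        "decisions": decisions,
        "overclaims": overclaims,
        "needs_human_review": decisions.get(NEEDS_REVIEW, 0),
    }


def demo() -> dict:
    """Run the gate against a constructed report pair in a temp directory."""
    sample = {  # constructed sample, not real harness output
        "run_id": "scan-example",
        "findings": [
            {"id": "F1", "decision": NEEDS_REVIEW},
            {"id": "F2", "decision": "dismissed"},
            {"id": "F3", "decision": "confirmed", "public_reference": "published-parser-fix"},
            {"id": "F4", "decision": "confirmed"},  # no public reference: overclaim
            {"id": "F5"},  # not yet triaged
        ],
    }
    with tempfile.TemporaryDirectory() as tmp:
        reports = Path(tmp) / ".security-harness" / "reports"
        reports.mkdir(parents=True)
        (reports / "scan-example.json").write_text(json.dumps(sample))
        (reports / "scan-example.md").write_text(
            "# Scan summary\n\n5 findings.\n\n" + EXPLOIT_FREE_MARKER + "\n"
        )
        return check_report_pair(reports / "scan-example.json")


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Point `check_report_pair` at a real `scan-<run-id>.json` under `<target-repo>/.security-harness/reports/` after `/coyote-triage` has run; a non-zero `untriaged` count means triage has not yet been persisted back, and a non-empty `overclaims` list is the signal to downgrade those findings to `needs_human_review` before publishing the Markdown summary.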