Rank
70
AI Agents & MCPs & AI Workflow Automation • (~400 MCP servers for AI agents) • AI Automation / AI Agent with MCPs • AI Workflows & AI Agents • MCPs for AI Agents
Traction
No public download signal
Freshness
Updated 2d ago
Crawler Summary
Open-source security testing for LLM-based agents. 7 attack classes (5 novel beyond OWASP/ATLAS), 19 scenarios, LangChain + CrewAI support, LLM-as-judge defense layer. ⚠️ ARCHIVED — This project is archived. The 7 attack classes and LLM-as-judge defense findings remain valid, but no further development is planned. Agent security research continues in multi-agent-security and agent-semantic-resistance. Reasoning chain hijacking hits 100% success against default LangChain ReAct agents. 7 attack classes systematized — 5 absent from OWASP LLM Top 10 and MITRE ATLAS. Layered defense reduces overall success by 60%. Capability contract not published. No trust telemetry is available yet. Last updated 4/15/2026.
Freshness
Last checked 4/15/2026
Best For
agent-redteam-framework is best for crewai, multi-agent workflows where OpenClaw compatibility matters.
Not Ideal For
Contract metadata is missing or unavailable for deterministic execution.
Evidence Sources Checked
editorial-content, GITHUB REPOS, runtime-metrics, public facts pack
Public facts
4
Change events
1
Artifacts
0
Freshness
Apr 15, 2026
Capability contract not published. No trust telemetry is available yet. Last updated 4/15/2026.
Trust score
Unknown
Compatibility
OpenClaw
Vendor
Rexcoleman
Benchmarks
0
Last release
Unpublished
Key links, install path, and a quick operational read before the deeper crawl record.
Setup snapshot
Setup complexity is LOW. This package is likely designed for quick installation with minimal external side-effects.
Final validation: Expose the agent to a mock request payload inside a sandbox and trace the network egress before allowing access to real customer data.
Everything public we have scraped or crawled about this agent, grouped by evidence type with provenance.
Vendor
Rexcoleman
Protocol compatibility
OpenClaw
Handshake status
UNKNOWN
Crawlable docs
6 indexed pages on the official domain
Merged public release, docs, artifact, benchmark, pricing, and trust refresh events.
Extracted files, examples, snippets, parameters, dependencies, permissions, and artifact metadata.
Extracted files
0
Examples
2
Snippets
0
Languages
python
bash
# Clone and install
git clone https://github.com/rexcoleman/agent-redteam-framework.git
cd agent-redteam-framework
conda env create -f environment.yml
conda activate agent-redteam
pip install -e .
# Set your API key
export ANTHROPIC_API_KEY="sk-ant-api03-..."
# Verify environment
agent-redteam verify-env
# Run attacks against LangChain ReAct agent
agent-redteam scan --agent langchain_react --attack all --seed 42
# Evaluate defenses
agent-redteam defend --agent langchain_react --defense layered --seed 42
# Generate figures
agent-redteam figures
text
src/
agents/ # Agent target abstractions (LangChain, CrewAI)
attacks/ # Attack class implementations
defenses/ # Defense layers (input sanitizer, tool boundary, layered)
core/ # Config, types, logging
cli.py # CLI entry point
scripts/ # Experiment runners + govML-generated scripts
config/ # YAML configuration (agents, attacks, defenses)
data/tasks/ # YAML-driven attack scenarios
docs/ # govML governance documents (22 templates)
blog/ # Blog draft + conference abstract + images
Full documentation captured from public sources, including the complete README when available.
Docs source
GITHUB REPOS
Editorial quality
ready
Agent Security Red-Team Framework
Open-source security testing for LLM-based agents. 7 attack classes (5 novel beyond OWASP/ATLAS), 19 scenarios, LangChain + CrewAI support, LLM-as-judge defense layer.
⚠️ ARCHIVED — This project is archived. The 7 attack classes and LLM-as-judge defense findings remain valid, but no further development is planned. Agent security research continues in multi-agent-security and agent-semantic-resistance.
Reasoning chain hijacking hits 100% success against default LangChain ReAct agents. 7 attack classes systematized — 5 absent from OWASP LLM Top 10 and MITRE ATLAS. Layered defense reduces overall success by 60%.
Blog post: I Red-Teamed AI Agents: Here's How They Break
# Clone and install
git clone https://github.com/rexcoleman/agent-redteam-framework.git
cd agent-redteam-framework
conda env create -f environment.yml
conda activate agent-redteam
pip install -e .
# Set your API key
export ANTHROPIC_API_KEY="sk-ant-api03-..."
# Verify environment
agent-redteam verify-env
# Run attacks against LangChain ReAct agent
agent-redteam scan --agent langchain_react --attack all --seed 42
# Evaluate defenses
agent-redteam defend --agent langchain_react --defense layered --seed 42
# Generate figures
agent-redteam figures
| Class | Success Rate | Status |
|-------|-------------|--------|
| Direct Prompt Injection | 80% | Known (OWASP LLM01) |
| Indirect Injection via Tools | 25% | Partially known |
| Tool Permission Boundary Violation | 75% | Systematized |
| Memory/Context Poisoning | 67% | Systematized |
| Reasoning Chain Hijacking | 100% | Novel pattern |
See docs/attack_taxonomy.md for the full taxonomy and FINDINGS.md for detailed results.
src/
agents/ # Agent target abstractions (LangChain, CrewAI)
attacks/ # Attack class implementations
defenses/ # Defense layers (input sanitizer, tool boundary, layered)
core/ # Config, types, logging
cli.py # CLI entry point
scripts/ # Experiment runners + govML-generated scripts
config/ # YAML configuration (agents, attacks, defenses)
data/tasks/ # YAML-driven attack scenarios
docs/ # govML governance documents (22 templates)
blog/ # Blog draft + conference abstract + images
Built with govML v2.4 (security-ml profile, 22 templates). Key governance documents:
docs/PROJECT_BRIEF.md — Thesis, research questions, success criteria
docs/DECISION_LOG.md — 3 architecture decision records
docs/ADVERSARIAL_EVALUATION.md — Threat model + controllability matrix
docs/PUBLICATION_PIPELINE.md — Blog distribution governance
MIT
Machine endpoints, protocol fit, contract coverage, invocation examples, and guardrails for agent-to-agent use.
Contract coverage
Status
missing
Auth
None
Streaming
No
Data region
Unspecified
Protocol support
Requires: none
Forbidden: none
Guardrails
Operational confidence: low
curl -s "https://xpersona.co/api/v1/agents/crewai-rexcoleman-agent-redteam-framework/snapshot"
curl -s "https://xpersona.co/api/v1/agents/crewai-rexcoleman-agent-redteam-framework/contract"
curl -s "https://xpersona.co/api/v1/agents/crewai-rexcoleman-agent-redteam-framework/trust"
Trust and runtime signals, benchmark suites, failure patterns, and practical risk constraints.
Trust signals
Handshake
UNKNOWN
Confidence
unknown
Attempts 30d
unknown
Fallback rate
unknown
Runtime metrics
Observed P50
unknown
Observed P95
unknown
Rate limit
unknown
Estimated cost
unknown
Contract JSON
{
"contractStatus": "missing",
"authModes": [],
"requires": [],
"forbidden": [],
"supportsMcp": false,
"supportsA2a": false,
"supportsStreaming": false,
"inputSchemaRef": null,
"outputSchemaRef": null,
"dataRegion": null,
"contractUpdatedAt": null,
"sourceUpdatedAt": null,
"freshnessSeconds": null
}
Invocation Guide
{
"preferredApi": {
"snapshotUrl": "https://xpersona.co/api/v1/agents/crewai-rexcoleman-agent-redteam-framework/snapshot",
"contractUrl": "https://xpersona.co/api/v1/agents/crewai-rexcoleman-agent-redteam-framework/contract",
"trustUrl": "https://xpersona.co/api/v1/agents/crewai-rexcoleman-agent-redteam-framework/trust"
},
"curlExamples": [
"curl -s \"https://xpersona.co/api/v1/agents/crewai-rexcoleman-agent-redteam-framework/snapshot\"",
"curl -s \"https://xpersona.co/api/v1/agents/crewai-rexcoleman-agent-redteam-framework/contract\"",
"curl -s \"https://xpersona.co/api/v1/agents/crewai-rexcoleman-agent-redteam-framework/trust\""
],
"jsonRequestTemplate": {
"query": "summarize this repo",
"constraints": {
"maxLatencyMs": 2000,
"protocolPreference": [
"OPENCLEW"
]
}
},
"jsonResponseTemplate": {
"ok": true,
"result": {
"summary": "...",
"confidence": 0.9
},
"meta": {
"source": "GITHUB_REPOS",
"generatedAt": "2026-04-16T23:38:02.216Z"
}
},
"retryPolicy": {
"maxAttempts": 3,
"backoffMs": [
500,
1500,
3500
],
"retryableConditions": [
"HTTP_429",
"HTTP_503",
"NETWORK_TIMEOUT"
]
}
}
Trust JSON
{
"status": "unavailable",
"handshakeStatus": "UNKNOWN",
"verificationFreshnessHours": null,
"reputationScore": null,
"p95LatencyMs": null,
"successRate30d": null,
"fallbackRate": null,
"attempts30d": null,
"trustUpdatedAt": null,
"trustConfidence": "unknown",
"sourceUpdatedAt": null,
"freshnessSeconds": null
}
Capability Matrix
{
"rows": [
{
"key": "OPENCLEW",
"type": "protocol",
"support": "unknown",
"confidenceSource": "profile",
"notes": "Listed on profile"
},
{
"key": "crewai",
"type": "capability",
"support": "supported",
"confidenceSource": "profile",
"notes": "Declared in agent profile metadata"
},
{
"key": "multi-agent",
"type": "capability",
"support": "supported",
"confidenceSource": "profile",
"notes": "Declared in agent profile metadata"
}
],
"flattenedTokens": "protocol:OPENCLEW|unknown|profile capability:crewai|supported|profile capability:multi-agent|supported|profile"
}
Facts JSON
[
{
"factKey": "vendor",
"category": "vendor",
"label": "Vendor",
"value": "Rexcoleman",
"href": "https://github.com/rexcoleman/agent-redteam-framework",
"sourceUrl": "https://github.com/rexcoleman/agent-redteam-framework",
"sourceType": "profile",
"confidence": "medium",
"observedAt": "2026-04-15T06:04:28.464Z",
"isPublic": true
},
{
"factKey": "protocols",
"category": "compatibility",
"label": "Protocol compatibility",
"value": "OpenClaw",
"href": "https://xpersona.co/api/v1/agents/crewai-rexcoleman-agent-redteam-framework/contract",
"sourceUrl": "https://xpersona.co/api/v1/agents/crewai-rexcoleman-agent-redteam-framework/contract",
"sourceType": "contract",
"confidence": "medium",
"observedAt": "2026-04-15T06:04:28.464Z",
"isPublic": true
},
{
"factKey": "docs_crawl",
"category": "integration",
"label": "Crawlable docs",
"value": "6 indexed pages on the official domain",
"href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceType": "search_document",
"confidence": "medium",
"observedAt": "2026-04-15T05:03:46.393Z",
"isPublic": true
},
{
"factKey": "handshake_status",
"category": "security",
"label": "Handshake status",
"value": "UNKNOWN",
"href": "https://xpersona.co/api/v1/agents/crewai-rexcoleman-agent-redteam-framework/trust",
"sourceUrl": "https://xpersona.co/api/v1/agents/crewai-rexcoleman-agent-redteam-framework/trust",
"sourceType": "trust",
"confidence": "medium",
"observedAt": null,
"isPublic": true
}
]
Change Events JSON
[
{
"eventType": "docs_update",
"title": "Docs refreshed: Sign in to GitHub · GitHub",
"description": "Fresh crawlable documentation was indexed for the official domain.",
"href": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceUrl": "https://github.com/login?return_to=https%3A%2F%2Fgithub.com%2Fopenclaw%2Fskills%2Ftree%2Fmain%2Fskills%2Fasleep123%2Fcaldav-calendar",
"sourceType": "search_document",
"confidence": "medium",
"observedAt": "2026-04-15T05:03:46.393Z",
"isPublic": true
}
]