redc
ReviewAudited by ClawScan on May 1, 2026.
Overview
This skill is a coherent red-team cloud deployment helper, but it should be installed only by users comfortable granting cloud credentials and reviewing Terraform templates before any apply.
Install this only if you intend to let an agent help manage red-team cloud infrastructure. Before use, install verified redc and Terraform binaries, use isolated cloud accounts with least-privilege temporary credentials, inspect every Terraform template, review the plan output, and keep any MCP server bound to localhost.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If broad or long-lived cloud keys are configured, the agent could affect real cloud resources and costs.
The skill requires access to cloud provider credentials, which can authorize creation, deletion, billing reads, or management actions depending on how broadly the credentials are scoped.
RedC reads cloud provider credentials from **environment variables** or a local **config.yaml** file managed by the `redc` CLI.
Use temporary, least-privilege credentials in a throwaway or isolated cloud account, and configure only the provider you intend to use.
Mistaken use could destroy instances, run unintended commands on servers, or create cloud costs.
The skill exposes high-impact cloud and remote-server operations, but those operations are central to its stated red-team infrastructure deployment purpose.
Manage running cloud instances (start, stop, destroy) ... Execute commands on remote servers via SSH
Review every planned action before applying it, and require explicit user confirmation for destructive or cost-incurring operations.
Applying an unsafe or tampered template could run commands locally or on created cloud instances.
Terraform templates can execute local or remote commands when applied. The artifact clearly discloses this and instructs users to inspect templates and run a plan first.
Templates define the actual cloud infrastructure that will be created. They may contain: ... `remote-exec` provisioners ... `user_data` / `cloud-init` scripts ... `local-exec` provisioners that run commands on your local machine
Inspect template source files, compare registry templates with the public repository, and run and review `plan_case` before any `start_case`.
Installing a fake or tampered binary could compromise the user’s machine or cloud accounts.
The skill depends on external binaries that are not bundled in the artifact. The artifact gives appropriate source-verification guidance.
Download `redc` only from official GitHub releases: https://github.com/wgpsec/redc/releases — verify SHA256 checksums ... Download `terraform` only from HashiCorp ... verify PGP signatures.
Install only from the official release channels and verify checksums or signatures before use.
If the MCP server were exposed on an untrusted network, another party might be able to interact with powerful cloud-management tools.
The skill can expose tools through an MCP server. The default is local-only, and the artifact warns against network exposure.
The built-in MCP server defaults to `stdio` transport (local only, no network exposure). The `sse` mode binds to a configurable address — always restrict it to `127.0.0.1` and do not expose it to untrusted networks.
Keep MCP transport local, bind SSE only to 127.0.0.1, and do not expose the server to shared or public networks.