Dreadnode Capabilities
This is the source repo for the capabilities Dreadnode publishes to app.dreadnode.io. A capability is a directory — a manifest plus any combination of agents, tools, skills, and MCP servers — that a Dreadnode runtime picks up and loads:
ai-red-teaming/
capability.yaml # manifest
agents/ # markdown prompts
tools/ # python @tool functions
skills/ # SKILL.md packs
Install one
- Published —
dn capability install dreadnode/ai-red-teaming (swap in any name from capabilities/)
- From source —
dn capability install ./capabilities/ai-red-teaming symlinks the directory into your runtime, so edits go live on reload
- From the TUI — start
dn, press Ctrl+P, filter for dreadnode/
dn is the Dreadnode CLI — see getting-started to install and authenticate. Full install reference for capabilities lives at docs.dreadnode.io/capabilities/installing.
Build your own
Every directory under capabilities/ is a shipped, working example. Read one alongside the docs:
Security scanning
Every skill in this repo is scanned with cisco-ai-defense/skill-scanner for prompt injection, data exfiltration, tool-chaining abuse, and supply chain risk. CI fails on HIGH+ findings and uploads SARIF reports to GitHub Code Scanning. The repo policy in scan-policy.yaml tunes the scanner for security-focused content.
just security-scan # scan all capabilities
just security-scan web-security # scan one capability
just security-scan behavioral="true" # deep dataflow analysis
Contributing
This repo is published for reference, not as a contribution target — we don't generally accept external PRs that add new capabilities. See CONTRIBUTING.md for what's useful to send and how to build your own capabilities instead.
License
Each capability declares its license in its capability.yaml.
