[PR #34] [MERGED] Add offensive security specialist agent with SecOpsAgentKit skills #44

New issue

Closed

opened 2026-03-02 04:08:00 +03:00 by kerem · 0 comments

kerem commented

2026-03-02 04:08:00 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/gadievron/raptor/pull/34
Author: @CyRamos
Created: 12/11/2025
Status: ✅ Merged
Merged: 12/12/2025
Merged by: @danielcuthbert

Base: main ← Head: main

📝 Commits (3)

6eea667 add SecOpsAgentKit
916a1cd add the offsec-specialist.md - subagent for offsec
3452fbf add SecOpsAgentKit README.md

📊 Changes

4 files changed (+116 additions, -1 deletions)

View changed files

➕ .claude/agents/offsec-specialist.md (+105 -0)
➕ .claude/skills/SecOpsAgentKit (+1 -0)
➕ .gitmodules (+3 -0)
📝 README.md (+7 -1)

📄 Description

Summary

Add offsec-specialist autonomous agent for offensive security operations
Integrate SecOpsAgentKit as git submodule providing offensive security skills
Enable automated security testing, vulnerability research, and penetration testing capabilities

Changes

New Agent: .claude/agents/offsec-specialist.md - Autonomous offensive security specialist with:
- Web application security testing (SQLi, XSS, CSRF, auth bypass)
- Network penetration testing and enumeration
- Binary exploitation and reverse engineering
- Fuzzing and vulnerability discovery
- Exploit development and PoC generation
- Security code review with adversarial mindset
Git Submodule: .claude/skills/SecOpsAgentKit - Repository of offensive security skills and tools
- Linked to skills directory at .claude/skills/SecOpsAgentKit/skills/offsec/
- Provides specialized tooling for the offsec-specialist agent

Architecture

The offsec-specialist agent follows a four-phase workflow:

Skill Preparation: Discover and load relevant skills from SecOpsAgentKit
Reconnaissance: Identify attack surface and plan testing approach
Execution: Apply offensive security techniques systematically
Reporting: Provide structured vulnerability reports with severity ratings

Safety Features

Safe operations (scan, enumerate, analyze): Auto-execute
Dangerous operations (exploit, modify, delete): Require explicit user confirmation
Authorization verification before any offensive testing
Follows responsible disclosure practices

Use Cases

Proactive security analysis of new code (auth, input handling, crypto)
Web application and API security testing
Authorized penetration testing
Security research and education
CTF challenges and defensive security

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/gadievron/raptor/pull/34 **Author:** [@CyRamos](https://github.com/CyRamos) **Created:** 12/11/2025 **Status:** ✅ Merged **Merged:** 12/12/2025 **Merged by:** [@danielcuthbert](https://github.com/danielcuthbert) **Base:** `main` ← **Head:** `main` --- ### 📝 Commits (3) - [`6eea667`](https://github.com/gadievron/raptor/commit/6eea667af66a86426de15278f9921204198e9c63) add SecOpsAgentKit - [`916a1cd`](https://github.com/gadievron/raptor/commit/916a1cd027a26660ecfe2bb3a803b6c92448df75) add the offsec-specialist.md - subagent for offsec - [`3452fbf`](https://github.com/gadievron/raptor/commit/3452fbf5825a364bd55d7d01da1adc0c637e5998) add SecOpsAgentKit README.md ### 📊 Changes **4 files changed** (+116 additions, -1 deletions) <details> <summary>View changed files</summary> ➕ `.claude/agents/offsec-specialist.md` (+105 -0) ➕ `.claude/skills/SecOpsAgentKit` (+1 -0) ➕ `.gitmodules` (+3 -0) 📝 `README.md` (+7 -1) </details> ### 📄 Description ## Summary - Add `offsec-specialist` autonomous agent for offensive security operations - Integrate SecOpsAgentKit as git submodule providing offensive security skills - Enable automated security testing, vulnerability research, and penetration testing capabilities ## Changes - **New Agent**: `.claude/agents/offsec-specialist.md` - Autonomous offensive security specialist with: - Web application security testing (SQLi, XSS, CSRF, auth bypass) - Network penetration testing and enumeration - Binary exploitation and reverse engineering - Fuzzing and vulnerability discovery - Exploit development and PoC generation - Security code review with adversarial mindset - **Git Submodule**: `.claude/skills/SecOpsAgentKit` - Repository of offensive security skills and tools - Linked to skills directory at `.claude/skills/SecOpsAgentKit/skills/offsec/` - Provides specialized tooling for the offsec-specialist agent ## Architecture The offsec-specialist agent follows a four-phase workflow: 1. **Skill Preparation**: Discover and load relevant skills from SecOpsAgentKit 2. **Reconnaissance**: Identify attack surface and plan testing approach 3. **Execution**: Apply offensive security techniques systematically 4. **Reporting**: Provide structured vulnerability reports with severity ratings ## Safety Features - Safe operations (scan, enumerate, analyze): Auto-execute - Dangerous operations (exploit, modify, delete): Require explicit user confirmation - Authorization verification before any offensive testing - Follows responsible disclosure practices ## Use Cases - Proactive security analysis of new code (auth, input handling, crypto) - Web application and API security testing - Authorized penetration testing - Security research and education - CTF challenges and defensive security --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>