The problem with script libraries

A script library can only run the attacks someone already thought to write. The moment a target looks a little different—an unusual parameter, a chained precondition, a business-logic quirk—the script has nothing to say. You end up with a tool that is confident on the demo and useless on the real thing.

Methodology as the unit of knowledge

Agent-Smith ships patterns, not payloads. Each skill encodes how a discipline actually thinks—what to look for, how to confirm it, when to escalate—aligned to frameworks like OWASP ASVS 5.0, the LLM Top 10, and MITRE ATT&CK. The LLM supplies the reasoning; the skill supplies the discipline.

Self-chaining in practice

A single run threads several skills together without any human stitching:

The chain isn’t hard-coded. The model decides what to run next based on what it just found—which is exactly what a human operator does.

Why it stays safe

Every scanner runs inside an ephemeral Docker sandbox with hard cost, time, and call-count limits enforced server-side. The agent is free to improvise; the blast radius is not.

Want to see the skills? They’re open source on the GitHub org.