Methodology as code. Not scripts. Not checklists.
Your AI coding assistant already has the IQ—Skills gives it the methodology. Drop 25 chainable slash commands into Claude Code or OpenCode and the same agent that writes your features can red-team them, review source against OWASP ASVS 5.0, or model threats against your architecture. One git clone. No SaaS. No lock-in.
Full autonomous engagement — recon, exploitation, proof, and report — chaining into other skills as it finds things.
One / command kicks off a chain that finds, exploits, and fixes.
What it is
Skills teach attack, defense, and review patterns—the model invents the work. No script libraries, no regex catalogs to maintain.
/pentester finds SQLi → fires /web-exploit. /codebase spots an LLM call → fires /ai-redteam. Complete coverage, no stitching.
OWASP Web, API & LLM Top 10, ASVS 5.0 (427 requirements across 16 chapters), AITG, the MCP Top 10, MITRE ATT&CK, PASTA, and STRIDE—baked into the methodology itself.
Claude Code, OpenCode, any MCP-capable client. Your agent, your rules, no vendor lock-in.
The library
Click any command above to see what it does.
Install
Community-driven and open source under AGPL v3.0. Clone it, type /, and start testing.