MethodologySlash-Command Library

Methodology as code. Not scripts. Not checklists.

Skills

Your AI coding assistant already has the IQ—Skills gives it the methodology. Drop 25 chainable slash commands into Claude Code or OpenCode and the same agent that writes your features can red-team them, review source against OWASP ASVS 5.0, or model threats against your architecture. One git clone. No SaaS. No lock-in.

claude code · /skills 25 commands
Command palette — click a skill
Skill
/pentester

Full autonomous engagement — recon, exploitation, proof, and report — chaining into other skills as it finds things.

$ /pentester target=app.example.com
SQLi at /api/v1/user
→ auto-chain /web-exploit writes pocs/sqli-user.http
→ auto-chain /remediate ✓ patch · tests pass
✓ report.md — 1 critical, 2 medium

One / command kicks off a chain that finds, exploits, and fixes.

Security expertise, one slash away.

Methodology as code

Skills teach attack, defense, and review patterns—the model invents the work. No script libraries, no regex catalogs to maintain.

Skills chain themselves

/pentester finds SQLi → fires /web-exploit. /codebase spots an LLM call → fires /ai-redteam. Complete coverage, no stitching.

Framework-aligned

OWASP Web, API & LLM Top 10, ASVS 5.0 (427 requirements across 16 chapters), AITG, the MCP Top 10, MITRE ATT&CK, PASTA, and STRIDE—baked into the methodology itself.

Agent-agnostic

Claude Code, OpenCode, any MCP-capable client. Your agent, your rules, no vendor lock-in.

25 skills, five disciplines.

Penetration testing

Cloud, infrastructure & identity

Recon & analysis

AI safety & red-team

Reporting & remediation

Select a skill

Click any command above to see what it does.

One command. No dependencies.

terminal
$ git clone --recursive https://github.com/0x0pointer/agent-smith
$ cd agent-smith && ./installers/install.sh
 
installs to ~/.claude/skills/ or ~/.config/opencode/commands/
Open your agent, type “/” — 25 commands, ready.
Claude CodeOpenCodeMCPAGPL v3.0

Give your agent the methodology.

Community-driven and open source under AGPL v3.0. Clone it, type /, and start testing.