A new argosbrain init installs exactly two skills: /argos-security (the Red Team Audit orchestrator, nine attacker perspectives) and /argos-doctor (30-second codebase health). The remaining ~43 atomic skills are opt-in via --skill-pack full — power users only. Lean default, deep when you ask.
/argos-security
🔴 Red Team Audit (Card 2 explicit surface).
Nine attacker perspectives — Recon, Web/API, Cloud, AI/LLM, Supply-chain, Build & Release, Forgotten Attack Surface, Surface Drift Watch, Privilege Boundary Leaks. Composed into MITRE ATT&CK kill chains, ranked by (impact × confidence) / cost-to-exploit. PoC pseudocode for your team's verification; no live exploits.
Absorbs: security-reviewer · auth-bypass-finder · csrf-token-tracer · permission-uniformity · cors-misconfig · pii-flow-mapper · compliance-proofs · prompt-injection-surface · supply-chain-tracer · oss-backdoor. One command — the whole adversarial pass.
/argos-doctor
30-second codebase health report.
First thing to run after argosbrain init. Single-screen output — no clarifying questions, no prompts. Detects framework, surfaces top hubs (PageRank-style centrality), dead-code count, top sink kind, naming-convention drift, projected token-savings vs. raw grep dance.
Why it ships by default: new users invariably ask "ok, I installed it — now what?". /argos-doctor is the canonical answer. Demo-friendly, zero friction.
Pre-v0.64.0 ArgosBrain installed 44 slash commands by default. We learned (from our own dogfood and from HN feedback on similar MCP servers) that large slash-command catalogues are counter-productive:
/argos-blast-radius vs /argos-pr-reviewer vs /argos-security-reviewer) compete with each other; no single one gets enough mind-share to feel canonical.
So we ship two skills that compose every other capability internally — and the remaining ~43 stay available for power users who want the granularity. Everyone wins: defaults are lean, power-users have full surface, narrative is honest.
Run argosbrain init --skill-pack full and the remaining ~43 atomic skills install alongside the two defaults. The hidden tools they invoke (argos_lint, argos_stats, control_flow_path, arch_snapshot, etc.) remain callable from inside skills even when not visible in the agent's catalog.
# Default install — 2 skills
$ argosbrain init --install-config .
✓ Agent skills installed to ~/.claude/skills (2):
    /argos-security
    /argos-doctor

# Full pack — adds ~43 atomic skills
$ argosbrain init --install-config --skill-pack full .
✓ Agent skills installed to ~/.claude/skills (2):
    /argos-security
    /argos-doctor
✓ Enterprise skill catalogue installed (43 more):
    /argos-blast-radius · /argos-fake-done-detector
    /argos-config-explosion · /argos-api-surface-mapper
    /argos-test-gap-analyzer · /argos-tech-debt-quantifier
    /argos-monolith-extractor · /argos-csrf-token-tracer
    ...
/argos-blast-radius
Inbound caller fanout for any function, type, or symbol you're about to change. Powers Card 1 hooks invisibly; surface explicitly for refactor planning sessions.
/argos-fake-done-detector
Scan project for stub markers across 50+ languages (Rust todo!(), Python NotImplementedError, JS not-implemented throws). Card 1 runs this via PostToolUse hook automatically; surface explicitly for a full-repo sweep.
/argos-config-explosion
Every env var, feature flag, and runtime knob — where each is read and what branches off it.
/argos-api-surface-mapper
Live OpenAPI / Markdown of every public HTTP handler with input/output type shapes. Card 2's Surface Drift Watch uses this internally.
/argos-test-gap-analyzer
Functions reachable in production but reached by zero tests. Coverage gaps line tools miss.
/argos-tech-debt-quantifier
Rank refactor targets by complexity × churn × inbound caller count. Triage your tech debt list with structural signals.
/argos-monolith-extractor
Module-level boundary analysis before splitting a microservice out. Lists every cross-boundary call.
/argos-csrf-token-tracer
State-changing endpoints reachable without a CSRF token check. Card 2's Web/API perspective uses this internally.
/argos-prompt-injection-surface
Every place untrusted user input reaches an LLM API call. Card 2's AI/LLM perspective composes this.
/argos-supply-chain-tracer
Trace where a vulnerable dep is actually used. Card 2's Supply-chain perspective composes this.
/argos-oss-backdoor
XZ-style upstream-tarball diff. Catches CVE-2024-3094-class supply-chain attacks. Card 2's Build & Release perspective composes this.
/argos-pii-flow-mapper
End-to-end PII data lineage: from input handler through every transformation to every sink.
Plus ~30 more in the full pack — onboarding, architecture, testing, migration, AI engineering, ML/AI research, backend correctness verticals.
If your fire isn't covered by /argos-security or /argos-doctor — compliance audit prep, M&A code due diligence, refactor blast-radius, smart-contract reachability, monolith extraction — the engine has the primitives. The skill exists in the full pack. We just don't promote each as its own slash command.
Email [email protected] with the use case. We'll either point you at the engine subset that solves it, or — if demand justifies — surface it as a third card on the services page.