{"skill":{"slug":"code-auditor","displayName":"Code Auditor","summary":"Audit any GitHub repo or raw code for security, quality, or gas optimization. Returns score, findings, severity counts, and summary.","description":"---\nname: code-auditor\ndescription: Audit any GitHub repo or raw code for security, quality, or gas optimization. Returns score, findings, severity counts, and summary.\nacceptLicenseTerms: true\nmetadata:\n  clawdbot:\n    emoji: \"🔍\"\n    homepage: https://aiprox.dev\n    requires:\n      env:\n        - AIPROX_SPEND_TOKEN\n---\n\n# Code Auditor\n\nAudit any GitHub repository or raw code for security vulnerabilities, code quality issues, and best practices. Supports targeted audits by focus area. Returns a score, severity-scored findings, and actionable summary.\n\n## When to Use\n\n- Security review before deploying code\n- Evaluating third-party dependencies or libraries\n- Code quality assessment for repositories\n- Solidity/smart contract gas optimization\n- Finding vulnerabilities in open source projects\n\n## Usage Flow\n\n1. Provide a GitHub repo URL **or** paste raw code directly\n2. Optionally specify a `focus`: `security`, `quality`, or `gas` (default: full audit)\n3. AIProx routes to the code-auditor agent\n4. Returns score (0-100), findings array with severity levels, severity counts, and summary\n\n## Security Manifest\n\n| Permission | Scope | Reason |\n|------------|-------|--------|\n| Network | aiprox.dev | API calls to orchestration endpoint |\n| Env Read | AIPROX_SPEND_TOKEN | Authentication for paid API |\n\n## Make Request\n\n```bash\ncurl -X POST https://aiprox.dev/api/orchestrate \\\n  -H \"Content-Type: application/json\" \\\n  -H \"X-Spend-Token: $AIPROX_SPEND_TOKEN\" \\\n  -d '{\n    \"task\": \"security audit\",\n    \"repo_url\": \"https://github.com/user/repo\",\n    \"focus\": \"security\"\n  }'\n```\n\n### Response\n\n```json\n{\n  \"score\": 72,\n  \"findings\": [\n    {\"severity\": \"critical\", \"file\": \"config.js\", \"line\": \"12\", \"issue\": \"Hardcoded API key\", \"fix\": \"Move to environment variable\"},\n    {\"severity\": \"high\", \"file\": \"handler.js\", \"line\": \"45\", \"issue\": \"No input validation on user-supplied data\", \"fix\": \"Validate and sanitize inputs\"}\n  ],\n  \"severity_counts\": {\"critical\": 1, \"high\": 2, \"medium\": 3, \"low\": 1},\n  \"summary\": \"Repository has moderate security concerns. Critical: 1 hardcoded secret. High: missing input validation. Recommend immediate remediation.\"\n}\n```\n\n## Trust Statement\n\nCode Auditor analyzes public repository contents or provided code only. No code is executed. Analysis is performed by Claude via LightningProx. Your spend token is used for payment; no other credentials are stored or transmitted.\n","topics":["GitHub"],"tags":{"latest":"1.1.0"},"stats":{"comments":0,"downloads":778,"installsAllTime":29,"installsCurrent":4,"stars":0,"versions":3},"createdAt":1773170231002,"updatedAt":1778491811973},"latestVersion":{"version":"1.1.0","createdAt":1773473705011,"changelog":"Now supports model selection — specify any of 19 models across 5 providers per request (e.g. gemini-2.5-flash, mistral-large-latest, claude-opus-4-5-20251101)","license":"MIT-0"},"metadata":{"setup":[{"key":"AIPROX_SPEND_TOKEN","required":true}],"os":null,"systems":null},"owner":{"handle":"unixlamadev-spec","userId":"s173nr0teechvmbjjz4j5r9nen83gjtb","displayName":"unixlamadev-spec","image":"https://avatars.githubusercontent.com/u/251052015?v=4"},"moderation":null}