Code Auditor

Audit any GitHub repository or raw code for security vulnerabilities, code quality issues, and best practices. Supports targeted audits by focus area. Returns a score, severity-scored findings, and actionable summary.

When to Use

• Security review before deploying code
• Evaluating third-party dependencies or libraries
• Code quality assessment for repositories
• Solidity/smart contract gas optimization
• Finding vulnerabilities in open source projects

Usage Flow

1. Provide a GitHub repo URL or paste raw code directly
2. Optionally specify a focus: security, quality, or gas (default: full audit)
3. AIProx routes to the code-auditor agent
4. Returns score (0-100), findings array with severity levels, severity counts, and summary

Security Manifest

Permission	Scope	Reason
Network	aiprox.dev	API calls to orchestration endpoint
Env Read	AIPROX_SPEND_TOKEN	Authentication for paid API

Make Request

curl -X POST https://aiprox.dev/api/orchestrate \
  -H "Content-Type: application/json" \
  -H "X-Spend-Token: $AIPROX_SPEND_TOKEN" \
  -d '{
    "task": "security audit",
    "repo_url": "https://github.com/user/repo",
    "focus": "security"
  }'

Response

{
  "score": 72,
  "findings": [
    {"severity": "critical", "file": "config.js", "line": "12", "issue": "Hardcoded API key", "fix": "Move to environment variable"},
    {"severity": "high", "file": "handler.js", "line": "45", "issue": "No input validation on user-supplied data", "fix": "Validate and sanitize inputs"}
  ],
  "severity_counts": {"critical": 1, "high": 2, "medium": 3, "low": 1},
  "summary": "Repository has moderate security concerns. Critical: 1 hardcoded secret. High: missing input validation. Recommend immediate remediation."
}

Trust Statement

Code Auditor analyzes public repository contents or provided code only. No code is executed. Analysis is performed by Claude via LightningProx. Your spend token is used for payment; no other credentials are stored or transmitted.