Slash Command

/audit

Security audit checklist and vulnerability scanning

Install

Run in your terminal

npx claudepluginhub first-mover-tw/sui-dev-agents --plugin sui-dev-agents

Command Content

Other plugins with /audit

/audit

Logs agent interactions (prompts, responses, tool calls) to append-only .beads/interactions.jsonl. Also supports labeling prior entries via record|label args.

beads

20.3k

/audit

commands/

Audits UI code against design system for spacing, depth, color, and pattern violations. Reports file-specific issues and suggestions. Supports path argument or defaults to common UI paths.

interface-design

4.4k

/audit

security/

Performs security audit of codebase covering dependencies, secrets, OWASP Top 10, inputs, and auth. Produces severity-prioritized report with findings, fixes, and references.

claude-code-toolkit

1.0k

/audit

Runs Rust security audits (default) with cargo audit and geiger, or safety/concurrency/full modes using miri, rudra, lockbud. Outputs prioritized vulnerability reports and fix recommendations.

rust-skills

892

/audit

Audits iOS/Swift projects for issues like memory leaks, concurrency, accessibility, and security. Analyzes codebase to suggest relevant audits or runs specified area.

axiom

692

/audit

Performs security audit on codebase or specified target, checking dependency vulnerabilities, auth, input validation, data exposure, configs, and secrets. Outputs prioritized findings with remediation steps.

Bash(find:*)Bash(grep:*)

audit

624

Stats

Stars7

Forks1

Last CommitFeb 10, 2026

Actions

View Source View Plugin View on GitHub View README

Security Audit

When invoked, follow these steps:

Scan all Move files:

Find all .move files in sources/
Read and parse module structures
Identify public entry functions

Check for common vulnerabilities:

Access Control:

Public entry functions without capability checks
Missing owner/admin verification
Unprotected admin functions

Object Transfer:

transfer::public_transfer without validation
Missing recipient checks
Shared object concurrent access issues

Capability Management:

Capabilities with store ability (leakable)
Missing capability destruction
Improper capability delegation

Economic Exploits:

Integer overflow/underflow risks
Unchecked arithmetic operations
Price manipulation vectors
Flash loan vulnerabilities

Resource Handling:

Objects not consumed or transferred
Missing drop implementation cleanup
Dangling references

Type Safety:

Incorrect generic constraints
Missing phantom type parameters
Unsafe type conversions

Generate audit report:

Security Audit Report
=====================

CRITICAL (must fix):
- [sources/marketplace.move:45] Public entry function lacks capability check
- [sources/token.move:78] Integer overflow in mint function

HIGH (should fix):
- [sources/vault.move:23] Capability has 'store' ability (leakable)

MEDIUM (review):
- [sources/nft.move:56] Missing input validation

LOW (informational):
- [sources/utils.move:12] Unused function

PASSED:
✓ No public_transfer without validation
✓ Proper generic constraints
✓ No dangling references

Best practices check:

Use of one-time witnesses for type uniqueness
Publisher object for package verification
Proper event emission
Gas-efficient patterns

Recommendations:

Prioritize fixes by severity
Suggest specific code changes
Reference SUI security guidelines
Recommend external audit if needed

Save report:

Create audits/audit-<timestamp>.md
Include full details and code snippets
Track resolution status

Security Audit

When invoked, follow these steps:

Scan all Move files:
- Find all .move files in sources/
- Read and parse module structures
- Identify public entry functions
Check for common vulnerabilities:

Access Control:
- Public entry functions without capability checks
- Missing owner/admin verification
- Unprotected admin functions
Object Transfer:
- transfer::public_transfer without validation
- Missing recipient checks
- Shared object concurrent access issues
Capability Management:
- Capabilities with store ability (leakable)
- Missing capability destruction
- Improper capability delegation
Economic Exploits:
- Integer overflow/underflow risks
- Unchecked arithmetic operations
- Price manipulation vectors
- Flash loan vulnerabilities
Resource Handling:
- Objects not consumed or transferred
- Missing drop implementation cleanup
- Dangling references
Type Safety:
- Incorrect generic constraints
- Missing phantom type parameters
- Unsafe type conversions

Generate audit report:

Security Audit Report
=====================

CRITICAL (must fix):
- [sources/marketplace.move:45] Public entry function lacks capability check
- [sources/token.move:78] Integer overflow in mint function

HIGH (should fix):
- [sources/vault.move:23] Capability has 'store' ability (leakable)

MEDIUM (review):
- [sources/nft.move:56] Missing input validation

LOW (informational):
- [sources/utils.move:12] Unused function

PASSED:
✓ No public_transfer without validation
✓ Proper generic constraints
✓ No dangling references

Best practices check:
- Use of one-time witnesses for type uniqueness
- Publisher object for package verification
- Proper event emission
- Gas-efficient patterns
Recommendations:
- Prioritize fixes by severity
- Suggest specific code changes
- Reference SUI security guidelines
- Recommend external audit if needed
Save report:
- Create audits/audit-<timestamp>.md
- Include full details and code snippets
- Track resolution status