Slash Command

/audit

Scans .move files in sources/ for vulnerabilities like access control issues, object transfers, and economic exploits; generates severity-prioritized audit report and saves as audits/audit-<timestamp>.md.

security

code-quality

npx claudepluginhub first-mover-tw/sui-dev-agents --plugin sui-dev-agents

Popularity

Stars

Forks

Invocation

How this command is triggered — by the user, by Claude, or both

Slash command

/sui-dev-agents:audit

Model invocable

No pre-commands

Context Preview

The summary Claude sees in its command listing — used to decide when to auto-load this command

# Security Audit

When invoked, follow these steps:

1. **Scan all Move files**:
   - Find all `.move` files in `sources/`
   - Read and parse module structures
   - Identify public entry functions

2. **Check for common vulnerabilities**:

   **Access Control**:
   - Public entry functions without capability checks
   - Missing owner/admin verification
   - Unprotected admin functions

   **Object Transfer**:
   - `transfer::public_transfer` without validation
   - Missing recipient checks
   - Shared object concurrent access issues

   **Capability Management**:
   - Capabilities with `st...

Command Content

88 lines · ~578 tokens

Other plugins with /audit

/cairo-auditor

Audits Cairo smart contracts in the current repo or specified files, supporting deep/adversarial mode and file output. Produces security and quality reports.

starknet-agentic-skills

/kasi-security

Runs security audit on project codebase: detects stack (PHP/Node/Python/etc.), loads checklist, scans files for SQLi/XSS/CSRF/auth bypass/etc., outputs prioritized findings with confidence labels.

kasidit

/audit

23.9k

Logs and labels agent interactions (prompts, responses, tool calls) to an append-only JSONL file. Subcommands: record and label.

beads

/audit

4.9k

Audits UI code against design system for spacing, depth, color, and pattern violations. Reports file-specific issues and suggestions. Supports path argument or defaults to common UI paths.

interface-design

/audit

2.0k

Audits an existing asset for on-page SEO, content quality (CORE-EEAT), technical SEO, AI-visibility/GEO readiness, and domain authority. Also supports --full, --tech, --visibility, --authority, and --competitors flags.

aaron-seo-geo

/audit

1.7k

Performs security audit of codebase for dependency vulnerabilities, secrets, OWASP Top 10, input validation, auth issues, and misconfigs. Outputs findings report by severity with fixes and references.

claude-code-toolkit

Stats

LanguageHTML

Stars7

Forks2

MaintenanceExcellent

Last CommitJun 6, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Stats

Actions

Help us improve

Share bugs, ideas, or general feedback.

# Security Audit When invoked, follow these steps: 1. **Scan all Move files**: - Find all `.move` files in `sources/` - Read and parse module structures - Identify public entry functions 2. **Check for common vulnerabilities**: **Access Control**: - Public entry functions without capability checks - Missing owner/admin verification - Unprotected admin functions **Object Transfer**: - `transfer::public_transfer` without validation - Missing recipient checks - Shared object concurrent access issues **Capability Management**: - Capabilities with `st...

Security Audit

When invoked, follow these steps:

Scan all Move files:

Find all .move files in sources/
Read and parse module structures
Identify public entry functions

Check for common vulnerabilities:

Access Control:

Public entry functions without capability checks
Missing owner/admin verification
Unprotected admin functions

Object Transfer:

transfer::public_transfer without validation
Missing recipient checks
Shared object concurrent access issues

Capability Management:

Capabilities with store ability (leakable)
Missing capability destruction
Improper capability delegation

Economic Exploits:

Integer overflow/underflow risks
Unchecked arithmetic operations
Price manipulation vectors
Flash loan vulnerabilities

Resource Handling:

Objects not consumed or transferred
Missing drop implementation cleanup
Dangling references

Type Safety:

Incorrect generic constraints
Missing phantom type parameters
Unsafe type conversions

Generate audit report:

Security Audit Report
=====================

CRITICAL (must fix):
- [sources/marketplace.move:45] Public entry function lacks capability check
- [sources/token.move:78] Integer overflow in mint function

HIGH (should fix):
- [sources/vault.move:23] Capability has 'store' ability (leakable)

MEDIUM (review):
- [sources/nft.move:56] Missing input validation

LOW (informational):
- [sources/utils.move:12] Unused function

PASSED:
✓ No public_transfer without validation
✓ Proper generic constraints
✓ No dangling references

Best practices check:

Use of one-time witnesses for type uniqueness
Publisher object for package verification
Proper event emission
Gas-efficient patterns

Recommendations:

Prioritize fixes by severity
Suggest specific code changes
Reference SUI security guidelines
Recommend external audit if needed

Save report:

Create audits/audit-<timestamp>.md
Include full details and code snippets
Track resolution status

Security Audit

When invoked, follow these steps:

Scan all Move files:
- Find all .move files in sources/
- Read and parse module structures
- Identify public entry functions
Check for common vulnerabilities:

Access Control:
- Public entry functions without capability checks
- Missing owner/admin verification
- Unprotected admin functions
Object Transfer:
- transfer::public_transfer without validation
- Missing recipient checks
- Shared object concurrent access issues
Capability Management:
- Capabilities with store ability (leakable)
- Missing capability destruction
- Improper capability delegation
Economic Exploits:
- Integer overflow/underflow risks
- Unchecked arithmetic operations
- Price manipulation vectors
- Flash loan vulnerabilities
Resource Handling:
- Objects not consumed or transferred
- Missing drop implementation cleanup
- Dangling references
Type Safety:
- Incorrect generic constraints
- Missing phantom type parameters
- Unsafe type conversions

Generate audit report:

Security Audit Report
=====================

CRITICAL (must fix):
- [sources/marketplace.move:45] Public entry function lacks capability check
- [sources/token.move:78] Integer overflow in mint function

HIGH (should fix):
- [sources/vault.move:23] Capability has 'store' ability (leakable)

MEDIUM (review):
- [sources/nft.move:56] Missing input validation

LOW (informational):
- [sources/utils.move:12] Unused function

PASSED:
✓ No public_transfer without validation
✓ Proper generic constraints
✓ No dangling references

Best practices check:
- Use of one-time witnesses for type uniqueness
- Publisher object for package verification
- Proper event emission
- Gas-efficient patterns
Recommendations:
- Prioritize fixes by severity
- Suggest specific code changes
- Reference SUI security guidelines
- Recommend external audit if needed
Save report:
- Create audits/audit-<timestamp>.md
- Include full details and code snippets
- Track resolution status

/audit

Popularity

Invocation

Context Preview

Command Content

Other plugins with /audit

Help us improve

Help us improve

Find plugins for your project

/audit

Popularity

Invocation

Context Preview

Command Content

Security Audit

Other plugins with /audit

Help us improve

Security Audit