By Niraj-Kamdar
Solana + full-stack security auditor: 20 checklists / 1,346 items / 131 known-vectors, severity 1-10, scope-gated loading. A full audit-firm lifecycle (automated + interactive), executable PoC + fix-patch delivery, a Rust pre-scanner + cross-audit memory for token efficiency, native rigor gates (context reconstruction, false-positive validation, maturity scorecard), and orchestrated Trail of Bits execution tooling (SAST, fuzzing, coverage, mutation).
Flow B — AI-assisted iterative audit with a human in the loop. Same lifecycle as audit-cycle, but pauses at checkpoints to surface confirmed findings, the next-focus plan, and targeted questions only the human can answer (business context, trust model, severity calls). The human steers; the agent re-synthesizes toward the audit document.
Flow A — fully automated audit-firm lifecycle. Runs scope → context → tool-assisted first pass → domain-partitioned manual review → independent reconciliation → client report end-to-end, and delivers a professional audit report (MD + optional PDF). Audit-shaped automation, not a substitute for a human firm audit.
Aggregate audit checkpoints into the final report — executive summary, Scope Coverage, findings by severity, maturity scorecard, and remediation roadmap.
Full scope-gated security audit of a Solana / full-stack repository — discovery, context reconstruction, per-item checklist verdicts, false-positive validation, and a severity-ranked report.
Deep single-instruction / single-function security review using the instruction worksheet, context reconstruction, and adversarial exploit modeling.
Builds the pre-review threat model before any verdict — asset inventory, actor x capability table, and trust-boundary map — reconstructed from the code and the context worksheets. Drives /auditor:threat-model in a full audit, analogous to how context-builder drives Phase 0.5. No verdicts; attacker-goal enumeration only.
Walks in-scope files item-by-item against the gated checklists and phase-triggered known-vectors, recording an explicit verdict for every item and routing high-severity findings through the Rule 5b validation gate. The core audit worker.
Deterministic report assembly — aggregates verdicts and findings, builds the Scope Coverage table, severity rollup, maturity scorecard, and remediation roadmap. No code reasoning; keeps report generation cheap.
Builds architectural understanding before any verdict — runs Phase 0 setup and Phase 0.5 Context Reconstruction, producing the instruction matrix, state model, and per-function worksheets. Spawned first in a full audit.
Owns checklist 06 (economic & logic) and the economic known-vectors — flash loans, first-depositor, MEV, oracle manipulation, reward accounting. Drives economic simulation to quantify profitability.
Uses power tools
Uses Bash, Write, or Edit tools
Runs pre-commands
Contains inline bash commands via ! syntax
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Production-grade security audit for any codebase, powered by AI agents. 20 checklists · 1,346 verification items · 131 known attack vectors · executable PoCs + fix patches A full audit-firm lifecycle (automated + interactive) · Benchmarked against CertiK, SOC 2, OWASP Top 10:2025 Verify COSTS.md as a referecence - Running this audit can burn a lot of credits.
auditor-skill is a skill file (a structured prompt + checklists) that turns any LLM agent (Copilot, Cursor, Windsurf, Claude Code, Codex, etc.) into a professional-grade security auditor. It reads your code file by file, checks 1,346 items across 20 security domains, tests against 131 real-world attack vectors, and produces a structured report with severity scores.
It is not a SaaS product. It's a folder of markdown files you clone into your repo or give to an AI agent.
Adaptation required before use. This skill was originally developed for a specific Solana/Anchor DeFi project and then generalized. Before running it on your project you must update
discovery/file-map.mdwith your actual folder structure, file names, and state variable names. The questionnaire inQUESTIONS.mdis a blank template — fill it out (or run/auditor:intake) for your project before invoking the auditor. Everything else (checklists, known vectors, output rules) is fully portable as-is.
/auditor:audit-cycle runs the whole engagement autonomously (intake → context → threat model → tool-assisted pass → domain-partitioned review → triage → independent peer review → synthesis) and hands back a professional client report. /auditor:audit-assist runs the same pipeline interactively, pausing at checkpoints for the calls only you can make./auditor:poc builds a runnable exploit (Mollusk / LiteSVM / Surfpool-fork / fuzz) that asserts the vulnerability, and /auditor:patch drafts a minimal fix and proves it reverts the exploit. Evidence is tiered ([PoC-REPRODUCED] … [PoC-PROSE]); prose is never dropped when a harness can't be built.audit-scan) enumerates the risky surface deterministically (~$0), cutting ~30-40% of input tokens on large programs. A cross-audit memory store (audit-mem) gives exact dedup, regression detection, and false-positive suppression across runs.| Guide | What's inside |
|---|---|
| docs/getting-started.md | Install, submodule init, build the Rust tools, run your first audit |
| docs/audit-flows.md | The lifecycle and when to use each flow (/audit, /audit-cycle, /audit-assist, /re-audit) |
| docs/commands.md | Reference for all 15 commands |
| docs/agents.md | The 8-agent roster and how they chain |
| docs/power-tools.md | audit-scan, audit-mem, Trail of Bits, Surfpool, PoC/patch harnesses |
| docs/poc-and-patches.md | Executable exploit + fix-patch delivery |
| docs/output-and-rigor.md | Severity, the Rule 5b gate, scope-gated loading, report format |
npx claudepluginhub niraj-kamdar/auditorComprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.
Harness-native ECC operator layer - 67 agents, 278 skills, 94 legacy command shims, reusable hooks, rules, selective install profiles, and production-ready workflows for Claude Code, Codex, OpenCode, Cursor, and related agent harnesses
Upstash Context7 MCP server for up-to-date documentation lookup. Pull version-specific documentation and code examples directly from source repositories into your LLM context.
Consult multiple AI coding agents (Gemini, OpenAI, Grok, Perplexity, plus codex, antigravity, and grok CLIs when installed) to get diverse perspectives on coding problems
Comprehensive startup business analysis with market sizing (TAM/SAM/SOM), financial modeling, team planning, and strategic research
v9.54.0 — Reliability wave: tangle contextual review correction loop with hard round ceiling, progress-supervised review rounds (per-agent stall watch, descendant-tree kills), council diversity and agy pin fixes, marketplace generator source-of-truth fix, provider troubleshooting runbook and cost-expectations docs. Run /octo:setup.