Overview
- Skill Key: artvepa80/hefestoai-auditor
- Author: artvepa80
- Source Repo: openclaw/skills
- Version: 2.2.0
- Source Path: skills/artvepa80/hefestoai-auditor
- Latest Commit SHA: 45edff86a375feb403983c33cbb5ef567c8f7644
Static code analysis tool. Detects security vulnerabilities, code smells, and complexity issues across 17 languages. All analysis runs locally — no code leaves your machine.
- Stars: 0
- Installs: 0
- Status: ACTIVE
- Visibility: PUBLIC
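Copy the prompt below and send it to your AI assistant to complete the installation.
First check whether the SkillHub store is installed. If it is not, install the SkillHub store by following https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/skillhub.md, then install the hefestoai-auditor skill. If it is already installed, install the hefestoai-auditor skill directly.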
# HefestoAI Auditor

Static code analysis for security, quality, and complexity. Supports 17 languages.

**Privacy:** All analysis runs locally. No code is transmitted to external services. No network calls are made during analysis.

**Permissions:** This tool reads source files in the specified directory (read-only). It does not modify your code.

---

## Install

```bash
pip install hefesto-ai
```

## Quick Start

```bash
hefesto analyze /path/to/project --severity HIGH
```

### Severity Levels

```bash
hefesto analyze /path/to/project --severity CRITICAL  # Critical only
hefesto analyze /path/to/project --severity HIGH      # High + Critical
hefesto analyze /path/to/project --severity MEDIUM    # Medium + High + Critical
hefesto analyze /path/to/project --severity LOW       # Everything
```

### Output Formats

```bash
hefesto analyze /path/to/project --output text                          # Terminal (default)
hefesto analyze /path/to/project --output json                          # Structured JSON
hefesto analyze /path/to/project --output html --save-html report.html  # HTML report
hefesto analyze /path/to/project --quiet                                # Summary only
```

### Status and Version

```bash
hefesto status
hefesto --version
```

---

## What It Detects

### Security Vulnerabilities

- SQL injection and command injection
- Hardcoded secrets (API keys, passwords, tokens)
- Insecure configurations (Dockerfiles, Terraform, YAML)
- Path traversal and XSS risks

### Semantic Drift (AI Code Integrity)

- Logic alterations that preserve syntax but change intent
- Architectural degradation from AI-generated code
- Hidden duplicates and inconsistencies in monorepos

### Code Quality

- Cyclomatic complexity >10 (HIGH) or >20 (CRITICAL)
- Deep nesting (>4 levels)
- Long functions (>50 lines)
- Code smells and anti-patterns

### DevOps Issues

- Dockerfile: missing USER, no HEALTHCHECK, running as root
- Shell: missing `set -euo pipefail`, unquoted variables...