A2a Code Audit

# Code Audit & Security Scan

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Install skill "A2a Code Audit" with this command: npx skills add crftsmnd/a2a-code-audit

Static code analysis for security vulnerabilities, style violations, and bugs.

When to Use

Trigger on: "audit code", "scan for bugs", "security check", "code review", "find vulnerabilities"

What This Does

  • Analyzes code for common security issues
  • Checks for style violations
  • Identifies potential bugs
  • Returns structured report with severity levels

Supported Languages

  • Python
  • JavaScript/TypeScript

Workflow

Step 1: Receive Code

Receive the code to analyze and the language it is written in.

Step 2: Static Analysis

Analyze using pattern matching and heuristics:

Python checks:

  • Use of eval(), exec(), __import__()
  • Hardcoded credentials
  • SQL injection risks
  • Path traversal
  • Insecure random

JS/TS checks:

  • eval() usage
  • innerHTML without sanitization
  • Hardcoded API keys
  • console.log in production code

Step 3: Scoring

Score = 100 - (issues_found × severity_weight)
Verdict: PASS (>80), WARN (50-80), FAIL (<50)

Step 4: Present Results

## Code Audit: [language]

### Summary
| Metric | Value |
|--------|-------|
| Score | [X]/100 |
| Verdict | [PASS/WARN/FAIL] |
| Issues | [N] |

### Issues
1. [SEVERITY] [issue description] (line [N])
2. ...

### Recommendations
- [fix suggestions]
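As an added worked example (not part of the skill's SKILL.md), the following Python script implements Steps 2 to 4 for the Python check list: one regex heuristic per listed item (path traversal left out), the scoring formula with the PASS/WARN/FAIL thresholds, and the Step 4 report layout with a limitations note. The regexes, the severity weights and the SAMPLE input are assumptions; the weights are chosen so that one HIGH, one MEDIUM and one LOW issue give the 70/100 of the page's example.

```python
import re
# Weights are an assumption (the skill gives none), chosen so HIGH+MEDIUM+LOW = 30 -> 70/100 as in the page's example.
WEIGHTS = {"HIGH": 15, "MEDIUM": 10, "LOW": 5}
# (severity, description, regex): one heuristic per item of the skill's Python check list.
PYTHON_CHECKS = [
    ("HIGH", "eval() usage", re.compile(r"\beval\s*\(")),
    ("HIGH", "exec() usage", re.compile(r"\bexec\s*\(")),
    ("HIGH", "__import__() usage", re.compile(r"\b__import__\s*\(")),
    ("MEDIUM", "hardcoded credential",
     re.compile(r"(?i)\b(password|passwd|secret|api_key|token)\s*=\s*['\"][^'\"]+['\"]")),
    ("MEDIUM", "SQL query built by string formatting (injection risk)",
     re.compile(r"(?i)\b(select|insert|update|delete)\b.*?['\"]\s*(%|\+|\.format\()"
                r"|\bf['\"][^'\"]*\b(select|insert|update|delete)\b")),
    ("LOW", "random module used where a secret is expected (insecure random)",
     re.compile(r"\brandom\.(random|randint|choice|getrandbits)\s*\(")),
]

def scan_python(source: str) -> list:
    """Return (severity, description, line) tuples; '#' comments are stripped naively (not a parser)."""
    issues = []
    for lineno, text in enumerate(source.splitlines(), start=1):
        code = text.split("#", 1)[0]
        for severity, description, pattern in PYTHON_CHECKS:
            if pattern.search(code):
                issues.append((severity, description, lineno))
    return issues

def score(issues: list) -> tuple:
    """Score = 100 - sum of severity weights (floored at 0); verdict per the skill's thresholds."""
    value = max(0, 100 - sum(WEIGHTS[sev] for sev, _, _ in issues))
    verdict = "PASS" if value > 80 else "WARN" if value >= 50 else "FAIL"
    return value, verdict

def report(source: str) -> str:
    """Render the Step 4 layout, ending with the limitations note the skill asks for."""
    issues = scan_python(source)
    value, verdict = score(issues)
    out = ["## Code Audit: Python", "", "### Summary", "| Metric | Value |", "|--------|-------|",
           f"| Score | {value}/100 |", f"| Verdict | {verdict} |", f"| Issues | {len(issues)} |", "", "### Issues"]
    out += [f"{n}. {sev}: {desc} (line {line})" for n, (sev, desc, line) in enumerate(issues, 1)]
    return "\n".join(out + ["", "Limitations: pattern-based heuristics only; expect false positives and negatives."])

# Constructed sample input (not from the page): one finding on each of lines 1-4.
SAMPLE = '''result = eval(user_input)
cur.execute(f"SELECT * FROM users WHERE name = '{name}'")
password = "hunter2"
token = random.randint(0, 999999)
'''
```

Running `print(report(SAMPLE))` gives a 60/100 WARN report with four issues; a parameterized query such as `cur.execute("... WHERE id = %s", (uid,))` is not flagged.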

No External Tools Required

This skill uses only:

  • Platform exec tool
  • Pattern matching
  • No external binaries needed

Example

## Code Audit: Python

### Summary
| Metric | Value |
|--------|-------|
| Score | 70/100 |
| Verdict | WARN |
| Issues | 3 |

### Issues
1. HIGH: eval() usage (line 2)
2. MEDIUM: hardcoded 'password' (line 5)
3. LOW: unused import 'os' (line 1)

### Recommendations
- Replace eval() with safer alternatives
- Use environment variables for secrets
- Remove unused imports

Notes

  • Works with platform tools only
  • No install steps required
  • Pattern-based analysis (not full compiler)
  • Always note limitations in report

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
