Code Auditor
Audit any GitHub repository or raw code for security vulnerabilities, code quality issues, and best practices. Supports targeted audits by focus area. Returns a score, severity-scored findings, and actionable summary.
When to Use
- Security review before deploying code
- Evaluating third-party dependencies or libraries
- Code quality assessment for repositories
- Solidity/smart contract gas optimization
- Finding vulnerabilities in open source projects
Usage Flow
- Provide a GitHub repo URL or paste raw code directly
- Optionally specify a focus: security, quality, or gas (default: full audit)
- AIProx routes to the code-auditor agent
- Returns score (0-100), findings array with severity levels, severity counts, and summary
Security Manifest
| Permission | Scope | Reason |
|---|---|---|
| Network | aiprox.dev | API calls to orchestration endpoint |
| Env Read | AIPROX_SPEND_TOKEN | Authentication for paid API |
Make Request
```bash
curl -X POST https://aiprox.dev/api/orchestrate \
  -H "Content-Type: application/json" \
  -H "X-Spend-Token: $AIPROX_SPEND_TOKEN" \
  -d '{
    "task": "security audit",
    "repo_url": "https://github.com/user/repo",
    "focus": "security"
  }'
```
Response
```json
{
  "score": 72,
  "findings": [
    {"severity": "critical", "file": "config.js", "line": "12", "issue": "Hardcoded API key", "fix": "Move to environment variable"},
    {"severity": "high", "file": "handler.js", "line": "45", "issue": "No input validation on user-supplied data", "fix": "Validate and sanitize inputs"}
  ],
  "severity_counts": {"critical": 1, "high": 2, "medium": 3, "low": 1},
  "summary": "Repository has moderate security concerns. Critical: 1 hardcoded secret. High: missing input validation. Recommend immediate remediation."
}
```
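One way to consume this response in a pre-deploy check, as an added example that is not part of AIProx or the code-auditor agent: it treats the JSON as untrusted third-party output, validates the fields shown above, and fails closed. The function names, the `min_score=80` threshold and the choice to block on critical and high findings are assumptions made for illustration.

```python
import json

# Sample copied from the Response section above (summary field omitted for brevity).
SAMPLE = json.loads("""{"score": 72, "findings": [
 {"severity": "critical", "file": "config.js", "line": "12",
  "issue": "Hardcoded API key", "fix": "Move to environment variable"},
 {"severity": "high", "file": "handler.js", "line": "45",
  "issue": "No input validation on user-supplied data", "fix": "Validate and sanitize inputs"}],
 "severity_counts": {"critical": 1, "high": 2, "medium": 3, "low": 1}}""")

SEVERITIES = ("critical", "high", "medium", "low")

def validate(resp):
    """Return a list of schema problems found in the audit response."""
    if not isinstance(resp, dict):
        return ["response is not a JSON object"]
    problems = []
    score = resp.get("score")
    if type(score) not in (int, float) or not 0 <= score <= 100:
        problems.append("score missing or outside 0-100")
    counts = resp.get("severity_counts")
    if not isinstance(counts, dict):
        problems.append("severity_counts missing")
    else:
        for sev, n in counts.items():
            if sev not in SEVERITIES or type(n) is not int or n < 0:
                problems.append(f"bad severity_counts entry: {sev!r}")
    findings = resp.get("findings")
    if not isinstance(findings, list):
        problems.append("findings missing")
    else:
        for i, f in enumerate(findings):
            if not isinstance(f, dict) or f.get("severity") not in SEVERITIES:
                problems.append(f"finding {i} has no valid severity")
    return problems

def gate(resp, min_score=80, block_on=("critical", "high")):
    """Return (passed, reasons). A malformed response blocks, same as a bad score."""
    reasons = validate(resp)
    if reasons:
        return False, reasons
    if resp["score"] < min_score:
        reasons.append(f"score {resp['score']} below {min_score}")
    for sev in block_on:
        # The findings array may list fewer items than the counts; take the larger.
        listed = sum(1 for f in resp["findings"] if f["severity"] == sev)
        n = max(resp["severity_counts"].get(sev, 0), listed)
        if n:
            reasons.append(f"{n} {sev} finding(s)")
    return not reasons, reasons
```
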
Trust Statement
Code Auditor analyzes public repository contents or provided code only. No code is executed. Analysis is performed by Claude via LightningProx. Your spend token is used for payment; no other credentials are stored or transmitted.