🧪 Skills

Hefestoai Auditor

Static code analysis tool. Detects security vulnerabilities, code smells, and complexity issues across 17 languages. All analysis runs locally — no code leav...

v2.2.0
❤️ 0
⬇️ 854
👁 2
Save📁 Collect
Share

Description

name: hefestoai-auditor version: "2.2.0" description: "Static code analysis tool. Detects security vulnerabilities, code smells, and complexity issues across 17 languages. All analysis runs locally — no code leaves your machine." metadata: { "openclaw": { "emoji": "🔨", "requires": { "bins": ["hefesto"] }, "install": [ { "id": "pip", "kind": "pip", "package": "hefesto-ai", "bins": ["hefesto"], "label": "Install HefestoAI (pip)" } ] } }

HefestoAI Auditor

Static code analysis for security, quality, and complexity. Supports 17 languages.

Privacy: All analysis runs locally. No code is transmitted to external services. No network calls are made during analysis.

Permissions: This tool reads source files in the specified directory (read-only). It does not modify your code.

Install

pip install hefesto-ai

Quick Start

hefesto analyze /path/to/project --severity HIGH

Severity Levels

hefesto analyze /path/to/project --severity CRITICAL   # Critical only
hefesto analyze /path/to/project --severity HIGH        # High + Critical
hefesto analyze /path/to/project --severity MEDIUM      # Medium + High + Critical
hefesto analyze /path/to/project --severity LOW         # Everything

Output Formats

hefesto analyze /path/to/project --output text                          # Terminal (default)
hefesto analyze /path/to/project --output json                          # Structured JSON
hefesto analyze /path/to/project --output html --save-html report.html  # HTML report
hefesto analyze /path/to/project --quiet                                # Summary only

Status and Version

hefesto status
hefesto --version

What It Detects

Security Vulnerabilities

  • SQL injection and command injection
  • Hardcoded secrets (API keys, passwords, tokens)
  • Insecure configurations (Dockerfiles, Terraform, YAML)
  • Path traversal and XSS risks

Semantic Drift (AI Code Integrity)

  • Logic alterations that preserve syntax but change intent
  • Architectural degradation from AI-generated code
  • Hidden duplicates and inconsistencies in monorepos

Code Quality

  • Cyclomatic complexity >10 (HIGH) or >20 (CRITICAL)
  • Deep nesting (>4 levels)
  • Long functions (>50 lines)
  • Code smells and anti-patterns

DevOps Issues

  • Dockerfile: missing USER, no HEALTHCHECK, running as root
  • Shell: missing set -euo pipefail, unquoted variables
  • Terraform: missing tags, hardcoded values

What It Does NOT Detect

  • Runtime network attacks (DDoS, port scanning)
  • Active intrusions (rootkits, privilege escalation)
  • Network traffic monitoring
  • For these, use SIEM/IDS/IPS or GCP Security Command Center

Supported Languages (17)

Code: Python, TypeScript, JavaScript, Java, Go, Rust, C#

DevOps/Config: Dockerfile, Jenkins/Groovy, JSON, Makefile, PowerShell, Shell, SQL, Terraform, TOML, YAML

Interpreting Results

file.py:42:10
  Issue: Hardcoded database password detected
  Function: connect_db
  Type: HARDCODED_SECRET
  Severity: CRITICAL
  Suggestion: Move credentials to environment variables or a secrets manager

Issue Types

Type Severity Action
VERY_HIGH_COMPLEXITY CRITICAL Fix immediately
HIGH_COMPLEXITY HIGH Fix in current sprint
DEEP_NESTING HIGH Refactor nesting levels
SQL_INJECTION_RISK HIGH Parameterize queries
HARDCODED_SECRET CRITICAL Remove and rotate
LONG_FUNCTION MEDIUM Split function

CI/CD Integration

# Fail build on HIGH or CRITICAL issues
hefesto analyze /path/to/project --fail-on HIGH

# Pre-push git hook
hefesto install-hook

# Limit output
hefesto analyze /path/to/project --max-issues 10

# Exclude specific issue types
hefesto analyze /path/to/project --exclude-types VERY_HIGH_COMPLEXITY,LONG_FUNCTION

Licensing

Tier Price Key Features
FREE $0/mo Static analysis, 17 languages, pre-push hooks
PRO $8/mo ML semantic analysis, REST API, BigQuery integration, custom rules
OMEGA $19/mo IRIS monitoring, auto-correlation, real-time alerts, team dashboard

All paid tiers include a 14-day free trial.

See pricing and subscribe at hefestoai.narapallc.com.

To activate a license, see the setup guide at hefestoai.narapallc.com/setup.

About

Created by Narapa LLC (Miami, FL) — Arturo Velasquez (@artvepa)

Reviews (0)

Sign in to write a review.

No reviews yet. Be the first to review!

Comments (0)

Sign in to join the discussion.

No comments yet. Be the first to share your thoughts!

Compatible Platforms

Links

📂 Source Code

Pricing

Free

Related Configs

🧪 Skill

self-improving-agent

Free

Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...

❤️ 2.0k ⬇️ 218k
🧪 Skill

Self Improving Agent

Free

Captures learnings, errors, and corrections to enable continuous improvement. And also 50+ models for image generation, video generation, text-to-speech, spe...

❤️ 2.0k ⬇️ 206k
🧪 Skill

Find Skills

Free

Search, discover, and install skills from the open agent skills ecosystem to extend agent capabilities for specific tasks or domains.

❤️ 814 ⬇️ 199k
🧪 Skill

Summarize

Free

--- name: summarize description: Summarize URLs or files with the summarize CLI (web, PDFs, images, audio, YouTube). homepage: https://summarize.sh metadata: {"clawdbot":{"emoji":"🧾","requires":{"b

❤️ 609 ⬇️ 160k