Code Auditor

Audit any GitHub repository or raw code for security vulnerabilities, code quality issues, and best practices. Supports targeted audits by focus area. Returns a score, severity-scored findings, and actionable summary.

When to Use

Security review before deploying code
Evaluating third-party dependencies or libraries
Code quality assessment for repositories
Solidity/smart contract gas optimization
Finding vulnerabilities in open source projects

Usage Flow

Provide a GitHub repo URL or paste raw code directly
Optionally specify a focus: security, quality, or gas (default: full audit)
AIProx routes to the code-auditor agent
Returns score (0-100), findings array with severity levels, severity counts, and summary

Security Manifest

| Permission | Scope | Reason | |------------|-------|--------| | Network | aiprox.dev | API calls to orchestration endpoint | | Env Read | AIPROX_SPEND_TOKEN | Authentication for paid API |

Make Request

curl -X POST https://aiprox.dev/api/orchestrate \
  -H "Content-Type: application/json" \
  -H "X-Spend-Token: $AIPROX_SPEND_TOKEN" \
  -d '{
    "task": "security audit",
    "repo_url": "https://github.com/user/repo",
    "focus": "security"
  }'

Response

{
  "score": 72,
  "findings": [
    {"severity": "critical", "file": "config.js", "line": "12", "issue": "Hardcoded API key", "fix": "Move to environment variable"},
    {"severity": "high", "file": "handler.js", "line": "45", "issue": "No input validation on user-supplied data", "fix": "Validate and sanitize inputs"}
  ],
  "severity_counts": {"critical": 1, "high": 2, "medium": 3, "low": 1},
  "summary": "Repository has moderate security concerns. Critical: 1 hardcoded secret. High: missing input validation. Recommend immediate remediation."
}

Trust Statement

Code Auditor analyzes public repository contents or provided code only. No code is executed. Analysis is performed by Claude via LightningProx. Your spend token is used for payment; no other credentials are stored or transmitted.