π¦ ClawHub
Audit Code
by @itsnishi
Security-focused code review for hardcoded secrets, dangerous calls, and common vulnerabilities
TERMINAL
clawhub install audit-codeπ About This Skill
name: audit-code description: Security-focused code review for hardcoded secrets, dangerous calls, and common vulnerabilities disable-model-invocation: true allowed-tools: Read, Glob, Grep, Bash context: fork
audit-code -- Project Code Security Review
Security-focused code review of project source code. Covers OWASP-style vulnerabilities, hardcoded secrets, dangerous function calls, and patterns relevant to AI-assisted development.
What to do
Run the auditor against the target path:
python3 "$SKILL_DIR/scripts/audit_code.py" "$ARGUMENTS"
If $ARGUMENTS is empty, default to $PROJECT_ROOT.
What it checks
Output
Structured report with severity-ranked findings, file locations, and actionable remediation steps.
When to use
Advisory hooks
The repository's .claude/settings.json includes PreToolUse hooks that warn on
dangerous Bash and Write operations. These hooks are advisory only -- they
produce warnings but do not block execution.
{"decision": "block"}