
hefestoai-auditor

Static code analysis tool. Detects security vulnerabilities, code smells, and complexity issues across 17 languages. All analysis runs locally — no code leaves your machine.

Author: admin | Source: ClawHub
Version: V 2.2.0
Security check: Passed
Downloads: 1,108
Favorites: 0

hefestoai-auditor

# HefestoAI Auditor

Static code analysis for security, quality, and complexity. Supports 17 languages.

**Privacy:** All analysis runs locally. No code is transmitted to external services. No network calls are made during analysis.

**Permissions:** This tool reads source files in the specified directory (read-only). It does not modify your code.

---

## Install

```bash
pip install hefesto-ai
```

## Quick Start

```bash
hefesto analyze /path/to/project --severity HIGH
```

### Severity Levels

```bash
hefesto analyze /path/to/project --severity CRITICAL  # Critical only
hefesto analyze /path/to/project --severity HIGH      # High + Critical
hefesto analyze /path/to/project --severity MEDIUM    # Medium + High + Critical
hefesto analyze /path/to/project --severity LOW       # Everything
```

### Output Formats

```bash
hefesto analyze /path/to/project --output text                          # Terminal (default)
hefesto analyze /path/to/project --output json                          # Structured JSON
hefesto analyze /path/to/project --output html --save-html report.html  # HTML report
hefesto analyze /path/to/project --quiet                                # Summary only
```

### Status and Version

```bash
hefesto status
hefesto --version
```

---

## What It Detects

### Security Vulnerabilities

- SQL injection and command injection
- Hardcoded secrets (API keys, passwords, tokens)
- Insecure configurations (Dockerfiles, Terraform, YAML)
- Path traversal and XSS risks

### Semantic Drift (AI Code Integrity)

- Logic alterations that preserve syntax but change intent
- Architectural degradation from AI-generated code
- Hidden duplicates and inconsistencies in monorepos

### Code Quality

- Cyclomatic complexity >10 (HIGH) or >20 (CRITICAL)
- Deep nesting (>4 levels)
- Long functions (>50 lines)
- Code smells and anti-patterns

### DevOps Issues

- Dockerfile: missing USER, no HEALTHCHECK, running as root
- Shell: missing `set -euo pipefail`, unquoted variables
- Terraform: missing tags, hardcoded values

### What It Does NOT Detect

- Runtime network attacks (DDoS, port scanning)
- Active intrusions (rootkits, privilege escalation)
- Network traffic monitoring
- For these, use SIEM/IDS/IPS or GCP Security Command Center

---

## Supported Languages (17)

**Code:** Python, TypeScript, JavaScript, Java, Go, Rust, C#

**DevOps/Config:** Dockerfile, Jenkins/Groovy, JSON, Makefile, PowerShell, Shell, SQL, Terraform, TOML, YAML

---

## Interpreting Results

```
file.py:42:10
  Issue: Hardcoded database password detected
  Function: connect_db
  Type: HARDCODED_SECRET
  Severity: CRITICAL
  Suggestion: Move credentials to environment variables or a secrets manager
```

### Issue Types

| Type | Severity | Action |
|------|----------|--------|
| `VERY_HIGH_COMPLEXITY` | CRITICAL | Fix immediately |
| `HIGH_COMPLEXITY` | HIGH | Fix in current sprint |
| `DEEP_NESTING` | HIGH | Refactor nesting levels |
| `SQL_INJECTION_RISK` | HIGH | Parameterize queries |
| `HARDCODED_SECRET` | CRITICAL | Remove and rotate |
| `LONG_FUNCTION` | MEDIUM | Split function |

---

## CI/CD Integration

```bash
# Fail build on HIGH or CRITICAL issues
hefesto analyze /path/to/project --fail-on HIGH

# Pre-push git hook
hefesto install-hook

# Limit output
hefesto analyze /path/to/project --max-issues 10

# Exclude specific issue types
hefesto analyze /path/to/project --exclude-types VERY_HIGH_COMPLEXITY,LONG_FUNCTION
```

---

## Licensing

| Tier | Price | Key Features |
|------|-------|-------------|
| **FREE** | $0/mo | Static analysis, 17 languages, pre-push hooks |
| **PRO** | $8/mo | ML semantic analysis, REST API, BigQuery integration, custom rules |
| **OMEGA** | $19/mo | IRIS monitoring, auto-correlation, real-time alerts, team dashboard |

All paid tiers include a **14-day free trial**. See pricing and subscribe at [hefestoai.narapallc.com](https://hefestoai.narapallc.com).

To activate a license, see the setup guide at [hefestoai.narapallc.com/setup](https://hefestoai.narapallc.com/setup).

---

## About

Created by **Narapa LLC** (Miami, FL) — Arturo Velasquez (@artvepa)

- GitHub: [github.com/artvepa80/Agents-Hefesto](https://github.com/artvepa80/Agents-Hefesto)
- Support: support@narapallc.com

Tags

skill ai

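Install via chat

This skill can be installed via chat on the following platforms:

OpenClaw WorkBuddy QClaw Kimi Claude

Option 1: Install SkillHub and the skill

Help me install SkillHub and the hefestoai-auditor-1776420053 skill

Option 2: Set SkillHub as the preferred skill installation source

Set SkillHub as my preferred skill installation source, then help me install the hefestoai-auditor-1776420053 skill

Install via command line

skillhub install hefestoai-auditor-1776420053

Download Zip package

Download hefestoai-auditor v2.2.0

File size: 2.8 KB | Published: 2026-4-17 19:01

v2.2.0 (latest) 2026-4-17 19:01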
**Changelog for v2.2.0**

- Greatly simplified documentation and descriptions for clarity.
- Added an explicit privacy statement: all code analysis is fully local with no external network calls.
- Reduced marketing, internal architecture, and constitutional details; focused on practical usage.
- Installation, quick start, usage examples, and supported languages now easier to understand.
- Pricing and licensing instructions rewritten with direct links for user convenience.
