Security auditing, code estimation, and reporting tools for smart contracts and general codebases
`npx claudepluginhub artifex1/auditor-addon`

Auditor Addon helps estimate and audit code and write issues.
A Gemini CLI Extension and Claude Code Plugin with Skills and Tools for code estimation, security auditing, and professional report writing.
Skills are structured workflows that guide the AI through multi-step processes. Each skill contains detailed instructions, phases, and best practices for specific tasks.
| Skill | Purpose | Capabilities |
|---|---|---|
| 🛡️ security-auditor | Interactive security auditing with Map & Probe methodology | Map (structural inventory) → Checklist (optional, standard-specific) → Probe (per-path vulnerability analysis) |
| 🔍 threat-modeling | Systematic threat enumeration before code-level auditing | Analyze → Diagram → Attackers → Assets → Threats (STRIDE) → Report |
| 📊 estimator | Project scoping and effort estimation | Full scope (Discovery, Explore, Metrics, Report) or Diff scope (Discovery, Review, Report) |
| 🧠 design-challenger | Challenge overcomplicated designs | Propose simplifications with explicit trade-offs |
| 📝 scribe | Report writing and finding generation | Professional issue descriptions, report introductions |
| 🔬 sast-pipeline | Run the SAiST static analysis pipeline | Init scan → Resolve gaps → Run rules (shipped + custom) |
| ✏️ rule-authoring | Author SAiST detection rules | Shallow, deep, and MapRule types with testing patterns |
Skills provide complete workflows that the AI follows autonomously. When invoked, the AI loads the skill's protocol and executes it step-by-step, using the available tools as needed. Each skill can be invoked through its respective slash command (e.g., /security-auditor, /estimator).
> [!NOTE]
> Model Performance: Skills perform differently across AI models. Depending on your needs, you may want to adjust the model for optimal results:
>
> - Speed: Lighter models (e.g., Claude Haiku, Gemini Flash) execute faster but may miss subtle issues
> - Reasoning Effort: More capable models (e.g., Claude Sonnet/Opus, Gemini Pro) provide deeper analysis and better edge case detection
> - Thoroughness: Higher-tier models tend to be more comprehensive in their exploration and validation
> - Verbosity: Models with higher reasoning capabilities can be less verbose in their thinking process
>
> Experiment with different models to find the right balance for your use case.
Tools provide structured code analysis through Tree-sitter AST parsing. They support glob patterns for analyzing multiple files at once. Skills use these tools automatically as part of their workflows.
**peek**

Extracts function and method signatures from source files without reading full implementations. The estimator skill uses peek to quickly understand a codebase's API surface: what functions exist, their parameters, visibility, and modifiers. This is ideal for initial exploration and building a mental map of unfamiliar code without the need to read full files.
**metrics**

The metrics tool calculates code metrics:
The estimator skill uses this tool to calculate how long it takes to perform a security audit.
**diff_metrics**

Calculates metrics for code changes between two git refs (commits, branches, or tags). Useful for estimating incremental audit effort when reviewing pull requests or comparing versions.
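As an added illustration of what a diff-metrics step computes (example code, not the plugin's own diff_metrics tool), the script below parses the output of `git diff --numstat <base>..<head>`, which lists added and deleted lines per changed file, and aggregates it by file type so the changed surface can be weighed per language. The numstat sample is constructed; it deliberately includes a binary file and a rename, the two line shapes that trip up naive parsers.

```python
from collections import defaultdict
import os
import re

# Constructed sample of `git diff --numstat <base>..<head>`: "-\t-" marks a
# binary file, "dir/{old => new}" a rename with a shared directory prefix.
SAMPLE_NUMSTAT = (
    "12\t3\tcontracts/Vault.sol\n"
    "40\t0\tcontracts/{Old.sol => New.sol}\n"
    "-\t-\tdocs/diagram.png\n"
    "5\t5\ttest/Vault.t.sol\n"
)
RENAME_RE = re.compile(r"\{[^{}]* => ([^{}]*)\}")


def parse_numstat(text):
    """Return one dict per changed file; binary files count as 0 added / 0 deleted."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        added, deleted, path = line.split("\t", 2)
        binary = added == "-"
        path = RENAME_RE.sub(r"\1", path)   # contracts/{Old.sol => New.sol}
        if " => " in path:                    # old/path.sol => new/path.sol
            path = path.split(" => ", 1)[1]
        rows.append({"path": path, "binary": binary,
                     "added": 0 if binary else int(added),
                     "deleted": 0 if binary else int(deleted)})
    return rows


def diff_metrics(text):
    """Group changed lines by extension so audit scope can be weighed per language."""
    by_ext = defaultdict(lambda: {"files": 0, "added": 0, "deleted": 0})
    for row in parse_numstat(text):
        ext = "(binary)" if row["binary"] else (os.path.splitext(row["path"])[1] or "(none)")
        by_ext[ext]["files"] += 1
        by_ext[ext]["added"] += row["added"]
        by_ext[ext]["deleted"] += row["deleted"]
    return dict(by_ext)


if __name__ == "__main__":
    for ext, m in sorted(diff_metrics(SAMPLE_NUMSTAT).items()):
        print(f"{ext:9} files={m['files']} +{m['added']} -{m['deleted']}")
```

To run it against a real repository, feed it the stdout of `git diff --numstat <base>..<head>` instead of the constructed sample.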