hefestoai-auditor
Static code analysis tool. Detects security vulnerabilities, code smells, and complexity issues across 17 languages. All analysis runs locally — no code leaves your machine.
Best use case
hefestoai-auditor is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using hefestoai-auditor should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in .claude/skills/hefestoai-auditor/SKILL.md inside your project
- Restart your AI agent — it will auto-discover the skill
Frequently Asked Questions
What does this skill do?
Static code analysis tool. Detects security vulnerabilities, code smells, and complexity issues across 17 languages. All analysis runs locally — no code leaves your machine.
Where can I find the source code?
You can find the source code on GitHub at github.com/artvepa80/Agents-Hefesto, linked from the About section of the SKILL.md source below.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
Best AI Skills for ChatGPT
Find the best AI skills to adapt into ChatGPT workflows for research, writing, summarization, planning, and repeatable assistant tasks.
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
SKILL.md Source
# HefestoAI Auditor

Static code analysis for security, quality, and complexity. Supports 17 languages.

**Privacy:** All analysis runs locally. No code is transmitted to external services. No network calls are made during analysis.

**Permissions:** This tool reads source files in the specified directory (read-only). It does not modify your code.

---

## Install

```bash
pip install hefesto-ai
```

## Quick Start

```bash
hefesto analyze /path/to/project --severity HIGH
```

### Severity Levels

```bash
hefesto analyze /path/to/project --severity CRITICAL  # Critical only
hefesto analyze /path/to/project --severity HIGH      # High + Critical
hefesto analyze /path/to/project --severity MEDIUM    # Medium + High + Critical
hefesto analyze /path/to/project --severity LOW       # Everything
```

### Output Formats

```bash
hefesto analyze /path/to/project --output text                          # Terminal (default)
hefesto analyze /path/to/project --output json                          # Structured JSON
hefesto analyze /path/to/project --output html --save-html report.html  # HTML report
hefesto analyze /path/to/project --quiet                                # Summary only
```

### Status and Version

```bash
hefesto status
hefesto --version
```

---

## What It Detects

### Security Vulnerabilities

- SQL injection and command injection
- Hardcoded secrets (API keys, passwords, tokens)
- Insecure configurations (Dockerfiles, Terraform, YAML)
- Path traversal and XSS risks

### Semantic Drift (AI Code Integrity)

- Logic alterations that preserve syntax but change intent
- Architectural degradation from AI-generated code
- Hidden duplicates and inconsistencies in monorepos

### Code Quality

- Cyclomatic complexity >10 (HIGH) or >20 (CRITICAL)
- Deep nesting (>4 levels)
- Long functions (>50 lines)
- Code smells and anti-patterns

### DevOps Issues

- Dockerfile: missing USER, no HEALTHCHECK, running as root
- Shell: missing `set -euo pipefail`, unquoted variables
- Terraform: missing tags, hardcoded values

### What It Does NOT Detect

- Runtime network attacks (DDoS, port scanning)
- Active intrusions (rootkits, privilege escalation)
- Network traffic monitoring

For these, use SIEM/IDS/IPS or GCP Security Command Center.

---

## Supported Languages (17)

**Code:** Python, TypeScript, JavaScript, Java, Go, Rust, C#

**DevOps/Config:** Dockerfile, Jenkins/Groovy, JSON, Makefile, PowerShell, Shell, SQL, Terraform, TOML, YAML

---

## Interpreting Results

```
file.py:42:10
Issue: Hardcoded database password detected
Function: connect_db
Type: HARDCODED_SECRET
Severity: CRITICAL
Suggestion: Move credentials to environment variables or a secrets manager
```

A `HARDCODED_SECRET` finding is only closed once the credential has been both removed from the source and rotated: a value that was committed stays in version-control history, so moving it to an environment variable or secrets manager clears the finding but not the exposure.

### Issue Types

| Type | Severity | Action |
|------|----------|--------|
| `VERY_HIGH_COMPLEXITY` | CRITICAL | Fix immediately |
| `HIGH_COMPLEXITY` | HIGH | Fix in current sprint |
| `DEEP_NESTING` | HIGH | Refactor nesting levels |
| `SQL_INJECTION_RISK` | HIGH | Parameterize queries |
| `HARDCODED_SECRET` | CRITICAL | Remove and rotate |
| `LONG_FUNCTION` | MEDIUM | Split function |

---

## CI/CD Integration

```bash
# Fail build on HIGH or CRITICAL issues
hefesto analyze /path/to/project --fail-on HIGH

# Pre-push git hook
hefesto install-hook

# Limit output
hefesto analyze /path/to/project --max-issues 10

# Exclude specific issue types
hefesto analyze /path/to/project --exclude-types VERY_HIGH_COMPLEXITY,LONG_FUNCTION
```

---

## Licensing

| Tier | Price | Key Features |
|------|-------|--------------|
| **FREE** | $0/mo | Static analysis, 17 languages, pre-push hooks |
| **PRO** | $8/mo | ML semantic analysis, REST API, BigQuery integration, custom rules |
| **OMEGA** | $19/mo | IRIS monitoring, auto-correlation, real-time alerts, team dashboard |

All paid tiers include a **14-day free trial**. See pricing and subscribe at [hefestoai.narapallc.com](https://hefestoai.narapallc.com).

To activate a license, see the setup guide at [hefestoai.narapallc.com/setup](https://hefestoai.narapallc.com/setup).

---

## About

Created by **Narapa LLC** (Miami, FL) — Arturo Velasquez (@artvepa)

- GitHub: [github.com/artvepa80/Agents-Hefesto](https://github.com/artvepa80/Agents-Hefesto)
- Support: support@narapallc.com
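The two findings the SKILL.md uses as its running examples, `HARDCODED_SECRET` (CRITICAL, "Remove and rotate") and `SQL_INJECTION_RISK` (HIGH, "Parameterize queries"), shown as the code that triggers them next to the code that satisfies the suggestion. This is an added example and not HefestoAI's own code or output: the `connect_db` name is taken from the sample finding in "Interpreting Results"; the table schema, rows, `DB_PASSWORD` variable and attacker input are constructed for the illustration.

```python
"""Added example, not HefestoAI code: the defects behind HARDCODED_SECRET and
SQL_INJECTION_RISK findings next to the fixes the report suggests.
Assumptions: the `connect_db` name is taken from the page's sample finding;
the schema, rows, DB_PASSWORD variable and attacker payload are constructed."""
import os
import sqlite3
from typing import List, Mapping, Optional, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed in-memory database so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn


# --- Vulnerable form: what the auditor flags --------------------------------

DB_PASSWORD = "hunter2"  # HARDCODED_SECRET (CRITICAL): credential literal in source


def connect_db() -> Tuple[sqlite3.Connection, str]:
    # Flagged: the password is compiled into the code and lands in git history.
    return make_db(), DB_PASSWORD


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> List[tuple]:
    # SQL_INJECTION_RISK (HIGH): the statement is assembled with an f-string,
    # so user input can change the query's structure, not just its data.
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


# --- Hardened form: what "Remove and rotate" / "Parameterize queries" mean ---

def load_db_password(env: Optional[Mapping[str, str]] = None) -> str:
    # Source keeps only the variable name; the value comes from the environment
    # (or a secrets manager). Fail closed when it is missing.
    env = os.environ if env is None else env
    password = env.get("DB_PASSWORD")
    if not password:
        raise RuntimeError("DB_PASSWORD is not set")
    return password


def connect_db_hardened(env: Optional[Mapping[str, str]] = None) -> Tuple[sqlite3.Connection, str]:
    return make_db(), load_db_password(env)


def find_user_hardened(conn: sqlite3.Connection, name: str) -> List[tuple]:
    # Parameterized query: the driver binds `name` as a value, never as SQL text.
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def fails_closed_without_secret() -> bool:
    """True if the hardened loader refuses to run with no DB_PASSWORD configured."""
    try:
        load_db_password({})
    except RuntimeError:
        return True
    return False


def demo() -> dict:
    conn = make_db()
    payload = "x' OR '1'='1"  # constructed attacker input: closes the quote, appends a tautology
    return {
        "vulnerable_rows": len(find_user_vulnerable(conn, payload)),  # every row: filter bypassed
        "hardened_rows": len(find_user_hardened(conn, payload)),      # no row has that literal name
        "hardened_exact": find_user_hardened(conn, "alice"),
        "fails_closed": fails_closed_without_secret(),
    }


if __name__ == "__main__":
    print(demo())
```

Running the vulnerable query with the payload returns all three rows because the input rewrote the WHERE clause; the parameterized version returns none, since the driver compares the whole string as a literal. Note that the hardened loader on its own does not rotate anything: the old `hunter2` value still has to be revoked wherever it was valid.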
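The gating logic that the "Severity Levels" and "CI/CD Integration" sections describe (`--severity`, `--fail-on`, `--exclude-types`, `--max-issues`), implemented over a report so the interaction of the options can be seen. This is an added example, not HefestoAI's code, and the `gate` function and its parameters are illustrative rather than a HefestoAI API. It assumes the text output repeats the record shown under "Interpreting Results" once per finding, one field per line, with a blank line between findings; the four-finding report inside the block is constructed for the example, not real tool output.

```python
"""Added example, not HefestoAI code: a CI gate applying the page's severity and
issue-type semantics to a text report.
Assumption: the text output repeats the "Interpreting Results" record per finding,
one field per line, blank line between findings. SAMPLE_REPORT is constructed."""
from dataclasses import dataclass
from typing import List, Optional

# Ordering from the page: each --severity / --fail-on level includes the levels above it.
SEVERITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "CRITICAL": 3}


@dataclass(frozen=True)
class Issue:
    location: str
    issue: str
    function: str
    type: str
    severity: str
    suggestion: str


SAMPLE_REPORT = """\
file.py:42:10
Issue: Hardcoded database password detected
Function: connect_db
Type: HARDCODED_SECRET
Severity: CRITICAL
Suggestion: Move credentials to environment variables or a secrets manager

api/handlers.py:88:5
Issue: Query built with string formatting
Function: search_users
Type: SQL_INJECTION_RISK
Severity: HIGH
Suggestion: Parameterize queries

core/report.py:10:1
Issue: Function has 73 lines
Function: render
Type: LONG_FUNCTION
Severity: MEDIUM
Suggestion: Split function

core/report.py:120:1
Issue: Cyclomatic complexity 24
Function: classify
Type: VERY_HIGH_COMPLEXITY
Severity: CRITICAL
Suggestion: Refactor into smaller functions
"""


def parse_report(text: str) -> List[Issue]:
    """Split the text report into Issue records; a blank line separates records."""
    issues = []
    for block in text.strip().split("\n\n"):
        lines = [ln.strip() for ln in block.strip().splitlines() if ln.strip()]
        if not lines:
            continue
        fields = {"location": lines[0]}          # first line is file:line:col
        for ln in lines[1:]:
            key, _, value = ln.partition(":")    # "Key: value" fields
            fields[key.strip().lower()] = value.strip()
        issues.append(Issue(
            location=fields["location"],
            issue=fields.get("issue", ""),
            function=fields.get("function", ""),
            type=fields.get("type", "UNKNOWN"),
            severity=fields.get("severity", "LOW").upper(),
            suggestion=fields.get("suggestion", ""),
        ))
    return issues


def at_or_above(issues: List[Issue], severity: str) -> List[Issue]:
    """--severity / --fail-on semantics: this level and everything more severe."""
    floor = SEVERITY_RANK[severity.upper()]
    return [i for i in issues if SEVERITY_RANK.get(i.severity, 0) >= floor]


def exclude_types(issues: List[Issue], types: str) -> List[Issue]:
    """--exclude-types semantics: drop the comma-separated issue types."""
    banned = {t.strip().upper() for t in types.split(",") if t.strip()}
    return [i for i in issues if i.type not in banned]


def gate(text: str, fail_on: str = "HIGH", excluded: str = "",
         max_issues: Optional[int] = None) -> dict:
    """Build decision plus the findings that drove it (max_issues trims display only)."""
    issues = exclude_types(parse_report(text), excluded)
    blocking = at_or_above(issues, fail_on)
    shown = blocking if max_issues is None else blocking[:max_issues]
    return {"total": len(issues), "blocking": len(blocking), "passed": not blocking,
            "shown": [(i.location, i.type, i.severity) for i in shown]}


if __name__ == "__main__":
    print(gate(SAMPLE_REPORT, fail_on="HIGH", max_issues=10))
```

In this example the type exclusions are applied before the severity floor, so the page's own `--exclude-types VERY_HIGH_COMPLEXITY,LONG_FUNCTION` also silences a CRITICAL-rated type, and `--max-issues` only trims what is displayed, never what fails the build. Confirm both behaviours against the tool's actual output before wiring them into a pipeline, and exclude by type only after the finding class has been triaged.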
Related Skills
Payroll Compliance Auditor
Run a full payroll audit in under 10 minutes. Catches the errors that cost companies $845 per violation.
Agent Security Auditor
Scans ERC-8004 agents for security vulnerabilities and generates comprehensive security reports.
Devvit Publishing Auditor
A specialized auditor for Reddit Devvit developers to verify app readiness before uploading to the Reddit servers. It ensures compliance with Devvit CLI v0.12.x and Reddit’s publishing standards.
clauditor
Tamper-resistant audit watchdog for Clawdbot agents. Detects and logs suspicious filesystem activity with HMAC-chained evidence.
aws-tagging-auditor
Audit AWS resource tagging compliance and identify unallocatable spend for FinOps teams
azure-storage-exposure-auditor
Identify publicly accessible Azure Storage accounts and misconfigured blob containers
aws-security-group-auditor
Audit AWS Security Groups and VPC configurations for dangerous internet exposure
aws-s3-exposure-auditor
Identify publicly accessible S3 buckets, dangerous ACLs, and misconfigured bucket policies
azure-nsg-firewall-auditor
Audit Azure NSG rules and Azure Firewall policies for dangerous internet exposure
azure-key-vault-auditor
Audit Azure Key Vault configuration, access policies, and secret hygiene for credential exposure risks
aws-iam-policy-auditor
Audit AWS IAM policies and roles for over-privilege, wildcard permissions, and least-privilege violations
azure-entra-id-auditor
Audit Microsoft Entra ID for over-privileged roles, dangerous access patterns, and identity security gaps