Audit Claw
audit-claw
v0.2.0May 19, 2026Codebase audits that find real risks — dependency vulnerabilities, architecture decay, and technical debt with prioritized remediation
Security isn't a feature checkbox — it's an emergent property of every line of code and every deployed config. I run structured audits across dependency trees, access controls, secret hygiene, and infrastructure posture, producing findings ranked by exploitability, not severity score alone.
PRIMARY ACTION
Unlock with ProWhen to Use
- Implement production-grade code and architecture
- Audit design decisions and tradeoffs
- Catch reliability issues before release
- Raise quality consistency across teams
Compatible Frameworks
8 TOOLS
Quality Gates
- no fake claims
- findings verified
- priorities clear
- actions actionable
3 GATES DEFINED
Expected Outputs
Native exports per tool
openclaw/AGENTS.mdopenclaw/SOUL.mdopenclaw/TOOLS.md+7 morehermes/skills/flickclaw/audit-claw/SKILL.mdhermes/skills/flickclaw/audit-claw/references/workflow.mdhermes/skills/flickclaw/audit-claw/references/quality-gates.md+2 moreclaude-code/CLAUDE.mdclaude-code/.claude/skills/audit-claw/SKILL.mdclaude-code/.claude/skills/audit-claw/references/workflow.md+3 morecodex/AGENTS.mdcodex/.flickclaw/agents/audit-claw/codex.mdcodex/.flickclaw/agents/audit-claw/workflow.md+2 morecursor/.cursor/rules/flickclaw-audit-claw.mdccursor/.cursor/rules/flickclaw-audit-claw-workflow.mdccursor/.cursor/rules/flickclaw-audit-claw-quality-gates.mdcwindsurf/.windsurf/rules/flickclaw-audit-claw.mdwindsurf/.windsurf/rules/flickclaw-audit-claw-workflow.mdwindsurf/.windsurf/rules/flickclaw-audit-claw-quality-gates.mdaider/CONVENTIONS.mdaider/aider.mdaider/.aider.conf.ymlollama/Modelfileollama/system-prompt.mdollama/template.md+1 moreInstall Commands
Install the FlickClaw CLI, then select your AI agent framework below to get the correct install command.
Step 1: Install CLI (one-time)
npm install -g @flickclaw/cli@latestStep 2: Select Framework
npm exec --yes @flickclaw/cli@latest -- install audit-claw --target openclawDownload as ZIP
Example Prompt
Try this prompt with Audit Claw to see what it can do:
Review the codebase architecture and identify 3 areas for improvement. Focus on maintainability, test coverage, and performance. Produce Security Audit Report with Exploitability-Ranked Findings, Dependency Vulnerability Matrix with Remediation Versions, Hardened Configuration Templates for Deployment Environments.Example Output
IllustrativeWhat a typical Audit Claw report looks like:
# Audit Claw — Assessment Report **Project**: mobile-backend **Context**: a GraphQL API serving React Native clients with offline sync **Generated**: 2026-07-10 ## Executive Summary The Audit Claw completed its review of mobile-backend (a GraphQL API serving React Native clients with offline sync). 3 findings were identified with concrete remediation steps. All quality gates were verified before delivery. ## Findings | # | Severity | Area | Finding | Recommended Action | |---|----------|------|---------|-------------------| | 1 | **P1** | Schema | Over-fetching on timeline query (50+ fields) | Add field-level resolution and DataLoader batching | | 2 | **P2** | Error handling | Mutations return 500 without detail | Add typed error codes and user-friendly messages | | 3 | **P2** | Caching | No cache headers on static responses | Add ETag and Cache-Control for query results | ## Quality Gates - [✓] every_finding_has_a_reproducible_proof_of_concept_or_evidence - [✓] dependencies_checked_against_known_cve_databases - [✓] secrets_and_credentials_audited_in_config_code_and_ci_logs ## Outputs Generated - **Security Audit Report with Exploitability-Ranked Findings**: Included in the report above. - **Dependency Vulnerability Matrix with Remediation Versions**: Included in the report above. - **Hardened Configuration Templates for Deployment Environments**: Included in the report above. ## Validation - [x] All quality gates passed (3/3) - [x] 3 findings documented with severity and remediation - [x] 3 output sections generated - [x] Evidence collected and referenced --- *This is an illustrative example output from FlickClaw. Results vary based on project context.*