{ "schemaVersion": "1.0", "item": { "slug": "hefestoai-auditor", "name": "Hefestoai Auditor", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/artvepa80/hefestoai-auditor", "canonicalUrl": "https://clawhub.ai/artvepa80/hefestoai-auditor", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/hefestoai-auditor", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=hefestoai-auditor", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/hefestoai-auditor" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/hefestoai-auditor", "agentPageUrl": "https://openagent3.xyz/skills/hefestoai-auditor/agent", "manifestUrl": "https://openagent3.xyz/skills/hefestoai-auditor/agent.json", "briefUrl": "https://openagent3.xyz/skills/hefestoai-auditor/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "HefestoAI Auditor", "body": "Static code analysis for security, quality, and complexity. Supports 17 languages.\n\nPrivacy: All analysis runs locally. No code is transmitted to external services. No network calls are made during analysis.\n\nPermissions: This tool reads source files in the specified directory (read-only). It does not modify your code." }, { "title": "Install", "body": "pip install hefesto-ai" }, { "title": "Quick Start", "body": "hefesto analyze /path/to/project --severity HIGH" }, { "title": "Severity Levels", "body": "hefesto analyze /path/to/project --severity CRITICAL # Critical only\nhefesto analyze /path/to/project --severity HIGH # High + Critical\nhefesto analyze /path/to/project --severity MEDIUM # Medium + High + Critical\nhefesto analyze /path/to/project --severity LOW # Everything" }, { "title": "Output Formats", "body": "hefesto analyze /path/to/project --output text # Terminal (default)\nhefesto analyze /path/to/project --output json # Structured JSON\nhefesto analyze /path/to/project --output html --save-html report.html # HTML report\nhefesto analyze /path/to/project --quiet # Summary only" }, { "title": "Status and Version", "body": "hefesto status\nhefesto --version" }, { "title": "Security Vulnerabilities", "body": "SQL injection and command injection\nHardcoded secrets (API keys, passwords, tokens)\nInsecure configurations (Dockerfiles, Terraform, YAML)\nPath traversal and XSS risks" }, { "title": "Semantic Drift (AI Code Integrity)", "body": "Logic alterations that preserve syntax but change intent\nArchitectural degradation from AI-generated code\nHidden duplicates and inconsistencies in monorepos" }, { "title": "Code Quality", "body": "Cyclomatic complexity >10 (HIGH) or >20 (CRITICAL)\nDeep nesting (>4 levels)\nLong functions (>50 lines)\nCode smells and anti-patterns" }, { "title": "DevOps Issues", "body": "Dockerfile: missing USER, no HEALTHCHECK, running as root\nShell: missing set -euo pipefail, unquoted variables\nTerraform: missing tags, hardcoded values" }, { "title": "What It Does NOT Detect", "body": "Runtime network attacks (DDoS, port scanning)\nActive intrusions (rootkits, privilege escalation)\nNetwork traffic monitoring\nFor these, use SIEM/IDS/IPS or GCP Security Command Center" }, { "title": "Supported Languages (17)", "body": "Code: Python, TypeScript, JavaScript, Java, Go, Rust, C#\n\nDevOps/Config: Dockerfile, Jenkins/Groovy, JSON, Makefile, PowerShell, Shell, SQL, Terraform, TOML, YAML" }, { "title": "Interpreting Results", "body": "file.py:42:10\n Issue: Hardcoded database password detected\n Function: connect_db\n Type: HARDCODED_SECRET\n Severity: CRITICAL\n Suggestion: Move credentials to environment variables or a secrets manager" }, { "title": "Issue Types", "body": "TypeSeverityActionVERY_HIGH_COMPLEXITYCRITICALFix immediatelyHIGH_COMPLEXITYHIGHFix in current sprintDEEP_NESTINGHIGHRefactor nesting levelsSQL_INJECTION_RISKHIGHParameterize queriesHARDCODED_SECRETCRITICALRemove and rotateLONG_FUNCTIONMEDIUMSplit function" }, { "title": "CI/CD Integration", "body": "# Fail build on HIGH or CRITICAL issues\nhefesto analyze /path/to/project --fail-on HIGH\n\n# Pre-push git hook\nhefesto install-hook\n\n# Limit output\nhefesto analyze /path/to/project --max-issues 10\n\n# Exclude specific issue types\nhefesto analyze /path/to/project --exclude-types VERY_HIGH_COMPLEXITY,LONG_FUNCTION" }, { "title": "Licensing", "body": "TierPriceKey FeaturesFREE$0/moStatic analysis, 17 languages, pre-push hooksPRO$8/moML semantic analysis, REST API, BigQuery integration, custom rulesOMEGA$19/moIRIS monitoring, auto-correlation, real-time alerts, team dashboard\n\nAll paid tiers include a 14-day free trial.\n\nSee pricing and subscribe at hefestoai.narapallc.com.\n\nTo activate a license, see the setup guide at hefestoai.narapallc.com/setup." }, { "title": "About", "body": "Created by Narapa LLC (Miami, FL) — Arturo Velasquez (@artvepa)\n\nGitHub: github.com/artvepa80/Agents-Hefesto\nSupport: support@narapallc.com" } ], "body": "HefestoAI Auditor\n\nStatic code analysis for security, quality, and complexity. Supports 17 languages.\n\nPrivacy: All analysis runs locally. No code is transmitted to external services. No network calls are made during analysis.\n\nPermissions: This tool reads source files in the specified directory (read-only). It does not modify your code.\n\nInstall\npip install hefesto-ai\n\nQuick Start\nhefesto analyze /path/to/project --severity HIGH\n\nSeverity Levels\nhefesto analyze /path/to/project --severity CRITICAL # Critical only\nhefesto analyze /path/to/project --severity HIGH # High + Critical\nhefesto analyze /path/to/project --severity MEDIUM # Medium + High + Critical\nhefesto analyze /path/to/project --severity LOW # Everything\n\nOutput Formats\nhefesto analyze /path/to/project --output text # Terminal (default)\nhefesto analyze /path/to/project --output json # Structured JSON\nhefesto analyze /path/to/project --output html --save-html report.html # HTML report\nhefesto analyze /path/to/project --quiet # Summary only\n\nStatus and Version\nhefesto status\nhefesto --version\n\nWhat It Detects\nSecurity Vulnerabilities\nSQL injection and command injection\nHardcoded secrets (API keys, passwords, tokens)\nInsecure configurations (Dockerfiles, Terraform, YAML)\nPath traversal and XSS risks\nSemantic Drift (AI Code Integrity)\nLogic alterations that preserve syntax but change intent\nArchitectural degradation from AI-generated code\nHidden duplicates and inconsistencies in monorepos\nCode Quality\nCyclomatic complexity >10 (HIGH) or >20 (CRITICAL)\nDeep nesting (>4 levels)\nLong functions (>50 lines)\nCode smells and anti-patterns\nDevOps Issues\nDockerfile: missing USER, no HEALTHCHECK, running as root\nShell: missing set -euo pipefail, unquoted variables\nTerraform: missing tags, hardcoded values\nWhat It Does NOT Detect\nRuntime network attacks (DDoS, port scanning)\nActive intrusions (rootkits, privilege escalation)\nNetwork traffic monitoring\nFor these, use SIEM/IDS/IPS or GCP Security Command Center\nSupported Languages (17)\n\nCode: Python, TypeScript, JavaScript, Java, Go, Rust, C#\n\nDevOps/Config: Dockerfile, Jenkins/Groovy, JSON, Makefile, PowerShell, Shell, SQL, Terraform, TOML, YAML\n\nInterpreting Results\nfile.py:42:10\n Issue: Hardcoded database password detected\n Function: connect_db\n Type: HARDCODED_SECRET\n Severity: CRITICAL\n Suggestion: Move credentials to environment variables or a secrets manager\n\nIssue Types\nType\tSeverity\tAction\nVERY_HIGH_COMPLEXITY\tCRITICAL\tFix immediately\nHIGH_COMPLEXITY\tHIGH\tFix in current sprint\nDEEP_NESTING\tHIGH\tRefactor nesting levels\nSQL_INJECTION_RISK\tHIGH\tParameterize queries\nHARDCODED_SECRET\tCRITICAL\tRemove and rotate\nLONG_FUNCTION\tMEDIUM\tSplit function\nCI/CD Integration\n# Fail build on HIGH or CRITICAL issues\nhefesto analyze /path/to/project --fail-on HIGH\n\n# Pre-push git hook\nhefesto install-hook\n\n# Limit output\nhefesto analyze /path/to/project --max-issues 10\n\n# Exclude specific issue types\nhefesto analyze /path/to/project --exclude-types VERY_HIGH_COMPLEXITY,LONG_FUNCTION\n\nLicensing\nTier\tPrice\tKey Features\nFREE\t$0/mo\tStatic analysis, 17 languages, pre-push hooks\nPRO\t$8/mo\tML semantic analysis, REST API, BigQuery integration, custom rules\nOMEGA\t$19/mo\tIRIS monitoring, auto-correlation, real-time alerts, team dashboard\n\nAll paid tiers include a 14-day free trial.\n\nSee pricing and subscribe at hefestoai.narapallc.com.\n\nTo activate a license, see the setup guide at hefestoai.narapallc.com/setup.\n\nAbout\n\nCreated by Narapa LLC (Miami, FL) — Arturo Velasquez (@artvepa)\n\nGitHub: github.com/artvepa80/Agents-Hefesto\nSupport: support@narapallc.com" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/artvepa80/hefestoai-auditor", "publisherUrl": "https://clawhub.ai/artvepa80/hefestoai-auditor", "owner": "artvepa80", "version": "2.2.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/hefestoai-auditor", "downloadUrl": "https://openagent3.xyz/downloads/hefestoai-auditor", "agentUrl": "https://openagent3.xyz/skills/hefestoai-auditor/agent", "manifestUrl": "https://openagent3.xyz/skills/hefestoai-auditor/agent.json", "briefUrl": "https://openagent3.xyz/skills/hefestoai-auditor/agent.md" } }