
wrxck / auto-audit

Public

Autonomous Claude Code plugin that audits a GitHub repo, triages findings, fixes in PRs, and independently reviews before merging.

19
1
100% credibility
Found Apr 20, 2026 at 19 stars.
Language: Shell

AI Summary

A Claude Code plugin that automates security audits of GitHub repositories: it scans for vulnerabilities, triages the findings, opens pull requests with fixes, and enforces safety rules around testing and merging.

How It Works

1. 📖 Discover auto-audit. You hear about a tool that automatically checks a code project for security issues and proposes fixes.

2. 🛠️ Add it to your AI helper. Install the plugin in Claude Code through its plugin marketplace.

3. 🚀 Start the audit. Tell the tool which repository to check, and it begins scanning the code for vulnerabilities.

4. 🔄 Watch it work. For each finding, the tool verifies the issue, writes a proof-of-concept, prepares a minimal fix, and opens a separate pull request.

5. Choose a review style:
   - 👤 Manual review: you look over each proposed change before approving it.
   - 🤖 Auto approve: an independent review pass checks each fix, and only fixes that pass are merged.

6. 🏆 Safer project ready. Confirmed issues are fixed, and a README badge shows the repository's current audit status.

AI-Generated Review

What is auto-audit?

Auto-audit is a Shell-based plugin for Claude Code that turns Anthropic's AI into an autonomous security auditor for GitHub repos. Point it at any repo with `/auto-audit:start owner/name`, and it scans for vulnerabilities, triages false positives, builds proof-of-concept exploits, crafts minimal fixes in dedicated PRs, runs an independent AI review, and optionally auto-merges the clean ones. It removes the drudgery of manual code audits by handling the full cycle, scan to merge, while keeping a human in the loop by default.

Why is it gaining traction?

It stands out with a resumable tick-based loop that advances one finding per tick, so a run can be interrupted and resumed even in long sessions, plus dynamic README badges that show live audit status such as "clean" or "3 findings". Developers appreciate the safety nets: sandboxed test runs, diff size caps, and an independent review pass that blocks bad fixes. Compared with static scanners or paid audit reports, it delivers actionable PRs via autonomous Claude agents, with no human triage needed upfront.
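To make the workflow and the safety nets concrete, here is an added illustration in POSIX shell. It is not auto-audit's own code and the project's real state format, cap values and policy names are unknown; the queue file, cursor file, `MAX_DIFF_LINES`, the `manual`/`auto` policy names and the sample findings and diff are all assumptions constructed for this example. It models four of the controls the review describes: a loop that processes exactly one finding per tick and keeps its cursor on disk so an interrupted run resumes where it stopped, a diff size cap that rejects oversized fixes, a merge gate that only merges when the independent review is clean and the policy is `auto`, and the badge text derived from the number of open findings.

```shell
#!/bin/sh
# Added illustration, not auto-audit's own code. File formats, cap value,
# policy names and sample data below are assumptions for the example.
set -eu

FINDINGS_FILE="${FINDINGS_FILE:-$(mktemp)}"   # queue: one finding per line
STATE_FILE="${STATE_FILE:-$(mktemp)}"         # cursor: index of next finding
MAX_DIFF_LINES="${MAX_DIFF_LINES:-50}"        # assumed cap on changed lines
MERGE_POLICY="${MERGE_POLICY:-manual}"        # manual | auto (assumed names)

# Constructed sample queue (not real findings): "id<TAB>title".
printf 'F-1\tCommand injection via eval in deploy.sh\nF-2\tHardcoded token in config.sh\nF-3\tPath traversal in upload handler\n' > "$FINDINGS_FILE"

# --- resumable tick loop --------------------------------------------------
# The cursor lives on disk, so an interrupted run resumes at the next
# unprocessed finding instead of starting over.
read_cursor()  { if [ -s "$STATE_FILE" ]; then cat "$STATE_FILE"; else echo 0; fi; }
write_cursor() { printf '%s\n' "$1" > "$STATE_FILE"; }

# Process exactly one finding and advance the cursor.
# Exit 0 = processed one, 2 = queue exhausted. Progress goes to stderr.
tick() {
  local cursor total line
  cursor=$(read_cursor)
  total=$(grep -c '' "$FINDINGS_FILE")
  [ "$cursor" -lt "$total" ] || return 2
  line=$(sed -n "$((cursor + 1))p" "$FINDINGS_FILE")
  echo "tick $cursor: verify, PoC, fix, open PR for: $line" >&2
  write_cursor "$((cursor + 1))"
}

# Drain the queue one tick at a time; prints how many findings were processed.
run_loop() {
  local n=0
  while tick; do n=$((n + 1)); done
  echo "$n"
}

# --- diff size cap ----------------------------------------------------------
# Count added/removed lines inside hunks (after the first @@), which skips the
# ---/+++ file headers. Exit 0 if within the cap, 1 if the fix is too large.
diff_within_cap() {
  local diff_text="$1" cap="${2:-$MAX_DIFF_LINES}" changed
  changed=$(printf '%s\n' "$diff_text" |
    awk '/^@@/ { in_hunk = 1; next } in_hunk && /^[+-]/ { n++ } END { print n + 0 }')
  [ "$changed" -le "$cap" ]
}

# --- merge policy gate ------------------------------------------------------
# Merge only when the independent review is clean AND the policy is auto; a
# clean review under manual policy waits for a human; any other review verdict
# is rejected regardless of policy.
merge_decision() {
  local verdict="$1" policy="$2"
  case "$verdict:$policy" in
    clean:auto)   echo merge ;;
    clean:manual) echo hold ;;
    *)            echo reject ;;
  esac
}

# --- README badge text ------------------------------------------------------
badge_status() {
  local open="$1"
  if [ "$open" -eq 0 ]; then echo clean
  elif [ "$open" -eq 1 ]; then echo "1 finding"
  else echo "$open findings"; fi
}

# Constructed sample diff: the minimal fix for F-1.
SAMPLE_DIFF=$(cat <<'EOF'
--- a/deploy.sh
+++ b/deploy.sh
@@ -3,1 +3,1 @@
-eval "$USER_INPUT"
+printf '%s\n' "$USER_INPUT"
EOF
)

# Demo: process one finding, pretend the session was interrupted, then resume.
tick
echo "interrupted after one tick; cursor=$(read_cursor)" >&2
echo "resumed and processed $(run_loop) more finding(s)" >&2
diff_within_cap "$SAMPLE_DIFF" && echo "diff within cap" >&2
echo "policy=$MERGE_POLICY verdict=clean -> $(merge_decision clean "$MERGE_POLICY")" >&2
echo "badge: $(badge_status 0)" >&2
```

The point of keeping the cursor in a file rather than a shell variable is that a killed process, or a new Claude Code session, picks up at the next finding without re-running the ones already turned into PRs. Note that a clean review under the default `manual` policy only ever yields `hold`: the review gates what may be merged, the policy decides who merges it.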

Who should use this?

Repo maintainers auditing open-source projects for security holes, indie devs securing side projects before launch, or teams evaluating forks. Ideal for anyone with GitHub write access running Claude Code who wants automated vulnerability hunting without hand-triaging scanner false positives or writing PoCs by hand.

Verdict

Try it on low-risk repos: 19 stars signal early days, but solid docs, 58/58 passing safety tests, and a clear install path make it worth a spin on your own code. Stick to the manual merge policy until the project matures, and pair it with human review for anything production-bound.
