Security Auditor

Point the agent at a directory: • Detects hardcoded secrets (API keys, passwords, tokens) • Flags insecure patterns (eval, shell injection, open redirects) • Checks dependency versions against known CVEs • Generates a structured report with severity ratings Runs entirely locally — no code is sent to external services.