hello-auditkit

🥈Silver

Hello-AuditKit is an evidence-first audit system for AI coding assistant configurations. It audits prompts, memory files, skills, and plugins. Benefits developers and operations teams by ensuring compliance and reducing errors. Integrates with Claude and other AI coding assistants.

2550Updated 2w ago

Intermediate30min to implementautomation

Saves ~180 min per use

Quick InstallView Source

git clone https://github.com/hellowind777/hello-auditkit.git

Works with:

Claude

Overview

About This Skill

How to Use

[{"step":"Prepare your configuration files. Gather paths to prompts, memory files, installed skills, and active plugins. Ensure you have read access to all files.","tip":"Use `find` commands to locate all relevant files. Example: `find . -name \"*.md\" -path \"*/prompts/*\"` for prompt files."},{"step":"Define your compliance policy. Create or select a policy file that specifies your organization's rules for prompts, memory usage, and dependencies. Example: `soc2-policy.json` or `internal-compliance.yml`.","tip":"Start with Hello-AuditKit's built-in policies if you don't have a custom one. Run `hello-auditkit policies list` to see available options."},{"step":"Run the audit with your placeholders filled. Use the prompt template to generate a command or query for your AI assistant. Example for Claude: `/run Hello-AuditKit compliance audit for Acme-Copilot with policy soc2-policy.json`.","tip":"For large projects, run the audit in stages. Start with prompts and memory, then check skills and plugins separately to manage output size."},{"step":"Review the report. Focus on Critical and High severity findings first. Use the remediation steps provided to fix issues.","tip":"Prioritize fixes based on your risk tolerance. Critical findings should be addressed immediately, while warnings can often wait for the next sprint."},{"step":"Integrate into your workflow. Set up automated audits using Hello-AuditKit's CLI or API. Schedule regular runs (e.g., weekly) and integrate with your CI/CD pipeline.","tip":"Use the `--auto-fix` flag for non-critical issues to automatically apply safe remediations. Example: `hello-auditkit audit --auto-fix --severity medium`"}]

Setup & Installation

Quick Install

No install command available. Check the GitHub repository for manual installation instructions.

Alternative Install (Git Clone)

git clone https://github.com/hellowind777/hello-auditkit

Requirements

Claude Code or compatible AI agent
Works with: Claude

Quick Start Guide

Install the Skill

Copy the install command above and run it in your terminal.

Open Your AI Agent

Launch Claude Code, Cursor, or your preferred AI coding agent.

Try It Out

Use the prompt template or examples below to test the skill.

Customize

Adapt the skill to your specific use case and workflow.

Usage Examples

Prompt Template

Run a Hello-AuditKit compliance audit on the AI coding assistant configuration for [PROJECT_NAME]. Check the following: 1) Prompts in [PROMPT_FOLDER_PATH] for compliance with [COMPLIANCE_POLICY], 2) Memory files in [MEMORY_FOLDER_PATH] for sensitive data exposure risks, 3) Installed skills in [SKILLS_FILE_PATH] for deprecated or insecure dependencies, and 4) Active plugins in [PLUGINS_FILE_PATH] for version conflicts. Generate a report with severity ratings and remediation steps. Prioritize findings by [PRIORITY_CRITERIA].

Example Output

Hello-AuditKit Compliance Report for Project: Acme-Copilot
Generated: 2024-05-15 14:30:00 UTC

=== EXECUTIVE SUMMARY ===
Total Checks: 47 | Passed: 38 | Warnings: 6 | Failures: 3
Severity Breakdown: Critical: 1 | High: 2 | Medium: 6 | Low: 5

=== CRITICAL FINDINGS ===
1. [FAIL] Prompt: `code-review-prompt.md`
   - Issue: Contains hardcoded API keys in example snippets
   - Risk: Credential leakage in shared repositories
   - Remediation: Replace with environment variable placeholders
   - Severity: Critical | Status: Unresolved

=== HIGH SEVERITY FINDINGS ===
2. [FAIL] Skill: `hello-auditkit`
   - Issue: Outdated dependency 'langchain' v0.0.210 (CVE-2024-28183)
   - Risk: Potential code injection via prompt injection
   - Remediation: Upgrade to langchain v0.1.12+
   - Severity: High | Status: Unresolved

3. [WARNING] Plugin: `claude-code-interpreter`
   - Issue: Memory file 'user-preferences.json' contains 12 instances of credit card numbers
   - Risk: PCI DSS violation if exposed
   - Remediation: Encrypt sensitive data or implement tokenization
   - Severity: High | Status: Partially Resolved (3/12 cleaned)

=== MEDIUM SEVERITY FINDINGS ===
4. [WARNING] Prompt: `security-scan-prompt.md`
   - Issue: Uses deprecated 'eval()' function in example code
   - Risk: Code execution vulnerability in examples
   - Remediation: Replace with safe alternatives like 'ast.literal_eval()'
   - Severity: Medium | Status: Unresolved

5. [PASS] Memory: 'project-context.json'
   - Issue: No sensitive data detected in 8MB file
   - Risk: None
   - Remediation: No action required
   - Severity: N/A | Status: Compliant

=== RECOMMENDATIONS ===
Priority 1 (Address within 24 hours):
- Resolve Critical Finding #1 (API key exposure)
- Upgrade langchain dependency in Finding #2

Priority 2 (Address within 1 week):
- Clean remaining credit card numbers in Finding #3
- Refactor security-scan-prompt.md in Finding #4

Automated Fixes Applied:
- Updated 5 deprecated skill dependencies
- Encrypted 8 memory files containing PII

Next Audit Scheduled: 2024-05-22 (Automated)

---
Generated by Hello-AuditKit v1.3.2 | Compliance Framework: SOC2-Type2, ISO27001