Tuesday, April 28, 2026

agent-audit

Forensic auditor for local AI coding agents (Claude Code, Codex CLI, OpenClaw) and project-surface scanner for repos containing skills, plugins, and MCP manifests. It reads session logs, configs, and instruction files and detects known-bad patterns using 296 bundled rules in total (167 of them static-file-applicable rules for scan-project) plus native ASAMM detectors. It then produces a report and optionally cross-verifies findings using any combination of installed CLIs, direct API keys, or local LLMs.

https://github.com/scadastrangelove/agent-audit/

agent-audit is one of the implementation projects in the broader ASAMM effort. In ASAMM terms, this repo is the practical measurement and auditing layer: it turns agent-safety patterns into something you can run against real repos, local agent homes, session traces, skill collections, plugin registries, and MCP manifests.

Saturday, April 18, 2026

 

The Builder's Manifesto

Cybersecurity in a world where code is worth nothing

Another agent today.

It's all over Reddit, in every Telegram channel. "I built it over the weekend." "It found a 0-day." "It writes better code than me." Screenshots, demos, euphoria, panic.

Back in the late 80s, when we were pushing ASCII characters across endless green terminals in assembly and FOCAL, nobody thought this would turn into a trillion-dollar industry. We just wanted the machine to obey us, not the other way around.

Now it obeys itself. And we're not the ones making the rules anymore. The rules are making us.

Let's unpack this.

Saturday, April 11, 2026

Agentic SAMM


While hunting Claude-planted RCE in Ouroboros, someone had a thought about spirals, Steps Into Infinity, and what OWASP SAMM is missing for agentic development. The result is ASAMM — a security framework extension for teams whose agents have already started biting back.

The core claim: SDLC is not a cycle. It is a spiral. Each iteration returns to the same phase — design, implementation, verification — but the system changed, the tools changed, and the threat model should have changed with them. Most do not.

https://github.com/scadastrangelove/asamm

What is inside: