GitHub Repository

Autonomous white-hat security auditor

77 stars · TypeScript

Flounder – an autonomous white-hat security auditor

by adshao · Jun 24, 2026 · 2 points · 0 comments

AI Analysis

●● Solid · Big Brain · Ship It

Framework-agnostic audit workflow around AI agents, not another scanner.

Strengths
  • 338 commits show real iteration, not a weekend wrapper project
  • Workflow orchestration (prepare→map→dig→confirm→report) beats checklist runners
  • Framework-agnostic design handles Solidity, ZK, Rust, Go without stack-specific rules
Weaknesses
  • Autonomous security auditing is crowded with CodeQL, Semgrep, and funded startups
  • Still depends on underlying agent quality—Flounder orchestrates, doesn't reason
Category
Target Audience

Security researchers, smart contract auditors, DevSecOps teams

Similar To

CodeQL · Semgrep · GitHub Advanced Security

Similar Projects

Security · ●● Solid

Open-source white-box agentic red teamer for AI agents

White-box agent red teaming finds 5x more vulns than black-box prompt injection.

Dark Horse · Solve My Problem
ashish-a
103mo ago
Security · ●● Solid

Skillaudit.sh – A minimalist security auditor for LLM skill definitions

It’s refreshingly focused: rules for prompt injection, hidden HTML comment instructions, exfiltration patterns and even HEAD checks against npm/PyPI for hallucinated packages. The site sells the minimalist ethos — small, audit-first tool for the offensive side of LLM security — but from the page it looks primarily pattern-driven, so expect heuristic false positives and limited context-aware analysis unless the engine goes deeper.

Niche Gem · Slick
dns
104mo ago