Security Audit (RLM)

What it does

Run a tool-driven, RLM (Reinforcement/Repository-Linked Model) security audit for large legacy .NET codebases. This skill orchestrates audit.py to scan repositories without loading entire codebases into the model context, producing a human-readable security_audit_report.md and machine artifacts (metadata and manifest) with file/line evidence and concrete fixes. It includes tuning knobs for planner iterations, token/output bounds, tool payload limits, and runtime timeouts so audits scale to massive repositories.

When to use it

Use this skill when you need a privacy-conscious automated security review of a large repository (legacy .NET) where: you cannot or do not want to feed full repo into an LLM, you need prioritized findings with file/line evidence, or you must tune runtime/iteration limits to avoid stalls and truncation. Ideal for baseline audits, triage runs, and regression checks after dependency or build changes.

What's included

• Scripts: orchestration expects an audit.py tool in the repo (instructions reference running AUDIT_VERBOSE=1 python audit.py --source-root <repo-path>) — note: has_scripts=false from fetch but the skill documents the audit script.
• References: none bundled.
• Instructions: step-by-step execution checks (verify deno and model endpoint, run baseline audit, confirm outputs), tuning recommendations for max-iterations, RLM LLM call limits, output char bounds, tool payload limits, and troubleshooting steps for stalls/truncation and path access errors.

Compatible agents

Best used by agents with shell/CLI and tool orchestration capabilities (Codex/Copilot-style or OpenClaw agents that can run audit scripts and manage local model endpoints).