Skip to content
RORO edited this page Jul 2, 2026 · 2 revisions

poki

A vulnerability harness for Claude Code. It is a set of security skills plus a Dockerized static-analysis backend that turn the agent into a security auditor.

What is in it

  • security-audit skill runs a fleet of parallel sub-agents through a six-phase pipeline (recon, hunting, validation, reporting, structured output, independent verification) to find exploitable vulnerabilities with real impact. It is a from-scratch rebuild of Cloudflare's Build your own vulnerability harness and security-audit-skill, mapped onto Claude Code's own primitives.
  • joern skill drives Joern and its Code Property Graph for structural and data-flow queries (CPGQL): taint tracking, source-to-sink reachability, and the queries.joern.io patterns.
  • joern-gateway is a standalone Joern server plus a Python WebSocket gateway, running in Docker, that the joern skill talks to through the joernctl CLI.

Security-audit workflow

security-audit pipeline

  1. Recon: parallel Explore agents map architecture, trust boundaries, and input surfaces.
  2. Hunt: parallel general-purpose agents attack by class and can spawn their own sub-agents.
  3. Validate: separate agents try to disprove each finding. The validator is never the finder.
  4. Report: writes REPORT.md and FINDINGS-DETAIL.md.
  5. Structured output: writes findings.json, checked by validate-findings.cjs.
  6. Independent verification: fresh agents recheck every claim against source.

Joern gateway architecture

Joern gateway architecture

The agent runs joernctl on the host. It talks HTTP to gateway.py in the container, which drives a standalone Joern server over its WebSocket protocol. Only the gateway port (127.0.0.1:8099) is exposed. Joern stays inside the container.

cd joern-gateway
docker compose up -d --build
./joernctl health
./joernctl import /work/target
./joernctl query 'cpg.call.name("system").reachableByFlows(cpg.parameter).p'

Design principles

  • Only report what you can exploit. Every finding needs a concrete attack scenario.
  • Adversarial validation. The agent that checks a finding is never the agent that found it.
  • Severity requires impact. Likelihood and impact combined, not deviation from a checklist.
  • Defense-in-depth gaps are not vulnerabilities. They are hardening notes.
  • Multiple runs improve coverage.

Links

Clone this wiki locally