🔓 unclaimed — this page was auto-generated from GitHub. Are you the creator?
Claim this page →
Vigilo
An AI hacker for Web3 Smart Contract. for bug bounties, Audit contest, offensive security research, and real-world exploit thinking.
git clone https://github.com/PurpleAILAB/Vigilo
Vigilo
Web3 Smart Contract Security Auditing Agent
From Latin vigilo — "I watch, I guard." An autonomous security legion inspired by the command structure of the Roman army, watching over your smart contracts to find vulnerabilities before attackers do.
What is Vigilo?
Vigilo is an autonomous security legion for smart contract auditing, inspired by the command structure of the Roman army. It runs inside OpenCode, deploying specialized agents in parallel to find vulnerabilities and generate validated PoCs.
The Legion
| Agent | Mission |
|---|---|
| Vigilo | Orchestrates the full audit pipeline |
| Quaestor | Pre-audit interview & scope planning |
| Explorator | Code reconnaissance — maps structure and flows |
| Speculator | Documentation intel — extracts design and invariants |
| Centuriones | 8 specialist auditors deployed by protocol type |
Proven in the Wild
Real vulnerabilities found by Vigilo in live audit contests.
All I did was specify the target project and submit the report. Vigilo did the rest.
Cantina — Ceiling Rounding Accumulation (High, Accepted)
View full report
Installation
OpenCode
For LLM Agents (Recommended)
Paste this into your LLM agent session:
Install and configure vigilo by following the instructions here:
https://raw.githubusercontent.com/PurpleAILAB/Vigilo/main/packages/opencode/docs/installation.md
Manual Install
bunx vigilo install
Claude Code
/plugin marketplace add PurpleAILAB/Vigilo
/plugin install vigilo@Vigilo
See the full Installation Guide for more options.
Uninstallation
- Remove the plugin from your OpenCode config:
# Edit ~/.config/opencode/opencode.json and remove "vigilo" from the plugin array
- Remove configuration files:
rm -f ~/.config/opencode/vigilo.json
- Verify removal:
opencode --version
Features
- Automated Audit Workflow: Scope → Recon (Exploratores) → Deep Analysis (Centuriones) → PoC → Report
- Specialized Auditors: Reentrancy, Oracle, Access Control, Flashloan, Logic, DeFi, Token, Cross-Chain
- Multi-Language Support: Solidity, Vyper, Cairo, Rust
- Foundry Integration:
forge build,forge test,forge coverage - LSP Integration: Goto-definition, references, diagnostics
- Parallel Analysis: Multiple auditors running concurrently
- PoC Validation: Auto-generate and validate Foundry tests
Usage
cd my-solidity-project
opencode
# Start audit
/audit
# Generate PoC
/poc .vigilo/findings/high/H-01-reentrancy.md
Directory Structure
.vigilo/
├── recon/ # Explorator & Speculator outputs
├── findings/ # Vulnerability findings
│ ├── high/
│ └── medium/
├── poc/ # PoC validation logs
└── reports/ # Final reports
Platforms
| Platform | Package | Status |
|---|---|---|
| OpenCode | packages/opencode | ⭐ Recommended |
| Claude Code | packages/claude | Stable |
Why OpenCode? More flexibility with model selection, better plugin extensibility, and cost-effective auditing with configurable models per auditor.
Benchmarking
Measure Vigilo's audit accuracy against verified security reports from Code4rena, Sherlock, and Cantina.
# Run full benchmark pipeline
bunx vigilo-bench sherlock_cork-protocol_2025_01 -w -v
Pipeline: checkout → audit → score → report
See packages/bench for full documentation.
Troubleshooting
bunx vigilo doctor
bunx vigilo doctor --verbose
| Issue | Solution |
|---|---|
| OpenCode not found | Install from https://github.com/anomalyco/opencode |
| Foundry not found | curl -L https://foundry.paradigm.xyz | bash && foundryup |
| Vigilo not registered | Run bunx vigilo install again |
Development
For contributors working on Vigilo itself.
Setup
git clone https://github.com/PurpleAILAB/Vigilo.git
cd vigilo/packages/opencode
bun install
bun link
Development Mode
- Configure local plugin path in
~/.config/opencode/opencode.json:
{
"plugin": [
"D:/path/to/vigilo/packages/opencode"
]
}
- Run watch mode:
bun run dev
- Restart OpenCode to load changes.
Quick Commands
| Task | Command |
|---|---|
| Build | bun run build |
| Watch mode | bun run dev |
| Test CLI | bun src/cli/index.ts install |
| Run doctor | bun src/cli/index.ts doctor --verbose |
Restore Production Mode
bunx vigilo install
This resets the plugin path to vigilo@latest.
License
- Non-production use: Free
- Production use: Requires commercial license
- Change Date: 2029-01-21 (converts to Apache-2.0)
Commercial licensing: [email protected]
Ready to hunt bugs? 🔍
// compatibility
| Platforms | cli, api |
|---|---|
| Operating systems | — |
| AI compatibility | claude |
| License | NOASSERTION |
| Pricing | open-source |
| Language | TypeScript |
// faq
What is Vigilo?
An AI hacker for Web3 Smart Contract. for bug bounties, Audit contest, offensive security research, and real-world exploit thinking.. It is open-source on GitHub.
Is Vigilo free to use?
Vigilo is open-source under the NOASSERTION license, so it is free to use.
What category does Vigilo belong to?
Vigilo is listed under plugins in the Claudeers registry of Claude-compatible tools.
// embed badge
[](https://claudeers.com/vigilo)
// retro hit counter
[](https://claudeers.com/vigilo)
// reviews
// guestbook
// related in Claude Plugins
A single CLAUDE.md file to improve Claude Code behavior, derived from Andrej Karpathy's observations on LLM coding pitfalls.
Claude Code is an agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster by executing routine tasks, explainin…
"CLI-Anything: Making ALL Software Agent-Native" -- CLI-Hub: https://clianything.cc/
financial-services — a Claude ecosystem project on GitHub.