Local-First
Your code never leaves your machine. No cloud uploads, no API keys required, no vendor lock-in. The full detection pipeline runs locally.
Three Detection Layers
Static analysis (voro-scan) feeds into Bayesian scoring (voro-brain) for confidence-weighted A-F grades. Findings confirmed by multiple methods score higher.
Agentic Security
MCP server trust boundaries, prompt injection vectors, unconstrained tool permissions. VORO covers autonomous agent threats that no other scanner addresses systematically.
Published Accuracy
Slither precision: 0.746. SmartBugs recall: 0.972. Every number comes from a labeled corpus with reproducible evaluation. No competitor publishes these metrics.
16 Languages
Solidity, Python, JavaScript, TypeScript, Go, Rust, Move, Vyper, and more. Auto-detection — point it at a repo and it runs the right checks.
Open Source
The scanner is MIT-licensed. 745 active patterns, 14 external scanner integrations, 9 taxonomy mappings. Free for individuals and commercial use.
Detection Pipeline
Scan
The command "agent-builder audit ." runs 745 patterns and 14 external scanners against your codebase. Output: structured JSON findings.
Score
voro-brain evaluates findings across 6 risk dimensions using corpus-calibrated Bayesian priors. Output: A-F safety grade.
Report
View results in the web UI, as GitHub PR comments, or consume the JSON directly in your CI pipeline.