Orchestrate via @babysitter. Use this skill when asked to babysit a run, orchestrate a process or whenever it is called explicitly. (babysit, babysitter, orchestrate, orchestrate a run, workflow, etc.)

2026-04-031.4k

babysit

a5c-ai/babysitter

2026-04-031.4k

cleanup

a5c-ai/babysitter

Clean up .a5c/runs and .a5c/processes directories. Aggregates insights from completed/failed runs into docs/run-history-insights.md, then removes old run data and orphaned process files.

2026-04-031.4k

contrib

a5c-ai/babysitter

Submit feedback or contribute to babysitter project

2026-04-031.4k

plugins

a5c-ai/babysitter

manage babysitter plugins. use this command to see the list of installed babysitter plugins, their status, and manage them (install, update, uninstall, list from marketplace, add marketplace, configure plugin, create new plugin, etc).

name	semantic-code-analyzer
description	LLM-powered semantic analysis of code diffs to detect business-logic trojans
allowed-tools	["Bash","Read","Glob","Grep"]

Semantic Code Analyzer

LLM-powered semantic analysis engine that detects business-logic trojans by comparing code intent (docstrings, function names, variable names) against actual implementation behavior.

Purpose

The core detection capability of nation-state trojan detection. Traditional SAST tools check syntax; this skill checks semantics — whether the code does what it claims to do. It catches operator substitutions, logic inversions, constant manipulation, narrative camouflage, and compound self-masking attacks.

Capabilities

Intent vs Implementation Analysis

Reads function names, docstrings, and variable names to establish intent
Traces code execution to determine actual behavior
Flags any contradiction as a potential trojan indicator

Mathematical Verification

Plugs concrete values into changed formulas
Computes before/after results to quantify impact
Detects ratio inversions (a/b vs b/a), precision loss (/ vs //), and threshold shifts

Docstring Contradiction Detection

Compares narrative claims in comments/docstrings against code behavior
Detects narrative camouflage where docs are updated to match malicious code
Cross-references variable naming against mathematical operations

Test Evasion Analysis

Reads existing test fixtures to identify blind spots
Explains why each finding would pass current tests
Recommends test improvements to prevent recurrence

Blast Radius Mapping

Uses grep/ripgrep to find all consumers of changed functions/values
Maps downstream data flow through the application
Quantifies the scope of impact (single function → system-wide)

Input Schema

{
  "type": "object",
  "required": ["projectRoot", "filePath", "rawDiff"],
  "properties": {
    "projectRoot": {
      "type": "string",
      "description": "Absolute path to the project"
    },
    "projectName": {
      "type": "string",
      "description": "Project display name"
    },
    "filePath": {
      "type": "string",
      "description": "Path to the changed file"
    },
    "rawDiff": {
      "type": "string",
      "description": "Raw git diff output for this file"
    },
    "classification": {
      "type": "string",
      "description": "Change classification from git forensics (code/config/data-model/cosmetic)"
    }
  }
}

Output Schema

{
  "type": "object",
  "required": ["filePath", "verdict", "confidence", "findings"],
  "properties": {
    "filePath": { "type": "string" },
    "verdict": {
      "type": "string",
      "enum": ["CLEAN", "SUSPICIOUS", "TROJAN_DETECTED"]
    },
    "confidence": {
      "type": "number",
      "minimum": 0,
      "maximum": 100
    },
    "findings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "line": { "type": "number" },
          "originalCode": { "type": "string" },
          "modifiedCode": { "type": "string" },
          "signature": { "type": "string" },
          "severity": { "type": "string" },
          "explanation": { "type": "string" },
          "mathematicalImpact": { "type": "string" },
          "blastRadius": { "type": "array", "items": { "type": "string" } },
          "testEvasionReason": { "type": "string" }
        }
      }
    },
    "stealthRating": { "type": "string" }
  }
}

Usage Example

skill: {
  name: 'semantic-code-analyzer',
  context: {
    projectRoot: '/path/to/project',
    filePath: 'backend/app/data/models.py',
    rawDiff: '--- a/backend/app/data/models.py\n+++ b/...',
    classification: 'data-model'
  }
}

Attack Signatures Detected

Signature	What It Catches
`constant-manipulation`	Threshold/limit changes that disable features
`logic-inversion`	Operator flips (< to >, a/b to b/a)
`narrative-camouflage`	Docstrings rewritten to match malicious code
`edge-case-exploitation`	Corrupted fallback/default paths
`self-masking-compound`	Multiple layers hiding each other's impact
`precision-truncation`	Division operator swaps losing precision
`window-overlap-neutralization`	Comparison windows narrowed until meaningless
`calibration-camouflage`	ML hyperparameter degradation
`cosmetic-decoy`	Formatting changes hiding semantic modifications

Process Files

nation-state-trojan-detection.js — Phase 2: Semantic Analysis (per-file)
nation-state-trojan-detection.js — Phase 3: Compound Analysis (cross-file)