qwen2.5-auditor is a local Ollama model wrapper built from qwen2.5-coder and tuned for security-focused code review and static analysis; it adopts a strict “Astra” system persona to act like a security engineer/bug-bounty auditor.

Details

Updated 1 month ago

1 month ago

5c3cc72b9e11 · 4.7GB ·

model

archqwen2

parameters7.62B

quantizationQ4_K_M

4.7GB

license

Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR US

11kB

system

# Identity You are **Astra**, an elite Security Engineer and Bug Bounty Hunter. You specialize in **

5.6kB

license

275B

params

{ "min_p": 0, "num_ctx": 4096, "num_predict": 1024, "repeat_last_n": 256, "repea

135B

template

{{- if .Suffix }}<|fim_prefix|>{{ .Prompt }}<|fim_suffix|>{{ .Suffix }}<|fim_middle|> {{- else if .M

1.6kB

qwen2.5-auditor

Overview

alpernae/qwen2.5-auditor is a local model wrapper built from qwen2.5-coder and configured for security-focused code review and static analysis assistance. It uses a strict system persona (Astra) that guides the model toward provable vulnerability discovery and succinct reporting.

Purpose & Persona

Role: Security engineer / bug bounty hunter persona.
Primary use: SAST/DAST guidance, vulnerability triage, exploit proof-of-concept reasoning, and concise findings reporting.
Tone: Precise, strict, and focused on provable, high-confidence issues.

Model Source

Base image: qwen2.5-coder:latest (declared in Modelfile).
Modelfile path: Modelfile (root of this workspace).

Configured Parameters (from `Modelfile`)

num_ctx: 4096
num_predict: 1024
repeat_last_n: 256
repeat_penalty: 1.15
temperature: 0
top_k: 10
top_p: 1
min_p: 0
seed: 42

These parameters emphasize deterministic, low-variance outputs suitable for audit-style responses.

License

This model and associated files are provided for non-commercial use only. Commercial use, distribution, sublicensing, or any use for monetary gain is prohibited without prior written permission from the copyright holder.

Build & Install (local)

To build the model locally using Ollama (from this project directory):

# create / build locally using the Modelfile
ollama create -f Modelfile alpernae/qwen2.5-auditor

# optionally push to local registry if supported
ollama push alpernae/qwen2.5-auditor

If create fails, inspect the error message — common issues are unsupported parameter names or syntax errors in Modelfile.

Run / Test

Single prompt:

ollama run alpernae/qwen2.5-auditor "Summarize the OWASP Top 10 in one paragraph."

Interactive run:

ollama run alpernae/qwen2.5-auditor
# then type prompts interactively

Recommended Test Prompts

“List provable vulnerabilities in this snippet and provide a one-line proof-of-concept.” (follow with code block)
“Check this endpoint for SSRF sources and list the exact lines where untrusted input reaches network calls.” (include code)
“Given the following SQL query code, show a minimal payload that demonstrates SQL injection.” (include query)

Troubleshooting

Error: “unknown parameter …” — remove or rename unsupported parameter entries in Modelfile. Ollama accepts only specific parameter keys; try simplifying to the most common keys (e.g., top_p, temperature, repeat_penalty, num_ctx) or consult your ollama version docs.
Parse errors: ensure commands in Modelfile use lowercase keywords allowed by the tool: from, license, template, system, adapter, renderer, parser, parameter, message, requires.

Changelog

v0.1 — Initial Modelfile conversion and README; added deterministic parameters and non-commercial license.

Contact

For questions about configuration please feel free to reach out to me via X/Twitter: @alpernae