We did one once for NIP 44. I'm curious if they're going to talk about nip 04, 17, or MLS. Auditing clients is probably pointless unfortunately, since interoperability weakens security quite a lot anyway, and the surface area for an audit is massive. This is a trade-off of an open protocol