Static security audit · built for vibe-coded apps

Ship fast. Ship safe.
Prove it.

Drop a GitHub repo. We scan for the 15 vulnerabilities that vibe-coding tools leak most — exposed keys, missing RLS, open CORS, dangerous innerHTML — and translate them into plain English with copy-paste fixes.

No install · Under 60 seconds · Trust badge on pass
scan://acme/todo-app (3 blocking)

  critical  exposed-api-key                src/pages/api/chat.ts:12   const key = "sk-proj-abc123…"
  critical  supabase-service-role-client   lib/supabase.ts:4          createClient(url, SERVICE_ROLE)
  high      permissive-cors                next.config.ts:18          { "Access-Control-Allow-Origin": "*" }
  medium    default-credentials            seed.ts:8                  password: "admin"

analysis: Anthropic Claude
/ workflow

Three steps to a trust badge.

01
Paste your repo

Drop a GitHub URL. We pull files through the GitHub API — nothing to install.

02
We find what's broken

Static analysis + Anthropic Claude catch the classics vibe-coding tools leave behind.

03
Earn your badge

Zero critical/high findings? Get a public badge URL and embed it on your launch page.

/ rule set

15 rules. Tuned for the way AI tools actually write code.

These are the issues we see over and over in Lovable, Bolt, v0, and Cursor output. If you can paste a repo, you can find them before your users do.

  • 01 Hardcoded API keys (OpenAI, Anthropic, Stripe, AWS)
  • 02 Secrets exposed via NEXT_PUBLIC_ env vars
  • 03 .env files committed to the repo
  • 04 Supabase service role in client code
  • 05 Permissive CORS (allow-origin *)
  • 06 dangerouslySetInnerHTML without sanitization
  • 07 eval() / new Function() usage
  • 08 SQL built by string concatenation
  • 09 Debug / verbose mode left on
  • 10 Cookies missing HttpOnly / Secure flags
  • 11 API routes without an auth check
  • 12 Unvalidated redirect targets
  • 13 Missing Content-Security-Policy
  • 14 Default / placeholder credentials
  • 15 Sensitive endpoints fetched over HTTP
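To show what a line-based static check for several of the rules above looks like in practice, here is an added example that is not the product's own code: the regex patterns, the "/api/ and /server/ paths are server-only" heuristic behind the service-role rule, and the sample repository snapshot are all constructed for this illustration.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity rule location snippet")  # location is path:line
SERVER_MARKERS = ("/api/", "/server/")  # assumption: everything else ships in the browser bundle

# Line-level regex rules modelled on the page's rule set; patterns are constructed for this example.
REGEX_RULES = [
    ("exposed-api-key", "critical",  # quoted literals only, so .env lines are left to the env rule
     re.compile(r"""["'](sk-[A-Za-z0-9_-]{8,}|sk_live_[A-Za-z0-9]{8,}|AKIA[0-9A-Z]{16})""")),
    ("permissive-cors", "high", re.compile(r"""Access-Control-Allow-Origin.*["']\*["']""")),
    ("dangerous-innerhtml", "high",  # flags raw __html unless a sanitizer is named on the line
     re.compile(r"dangerouslySetInnerHTML\s*=\s*\{\{(?!.*(DOMPurify|sanitize))")),
    ("default-credentials", "medium",
     re.compile(r"""password\s*:\s*["'](admin|password|changeme|123456)["']""", re.I)),
]

def scan(files: dict[str, str]) -> list[Finding]:
    """Apply every rule to each line of each file; `files` maps repo path -> source text."""
    findings: list[Finding] = []
    for path, source in files.items():
        name = path.rsplit("/", 1)[-1]
        if name.startswith(".env") and not name.endswith(".example"):
            findings.append(Finding("high", "env-file-committed", f"{path}:1", "(file present)"))
        client_side = not any(m in "/" + path for m in SERVER_MARKERS)
        for lineno, line in enumerate(source.splitlines(), start=1):
            loc = f"{path}:{lineno}"
            for rule, severity, pattern in REGEX_RULES:
                if pattern.search(line):
                    findings.append(Finding(severity, rule, loc, line.strip()))
            # The service-role key bypasses RLS, so any reference outside server-only paths is critical.
            if client_side and "SERVICE_ROLE" in line:
                findings.append(Finding("critical", "supabase-service-role-client", loc, line.strip()))
    return findings

def blocking(findings: list[Finding]) -> int:
    """Findings that deny the badge: anything critical or high."""
    return sum(f.severity in ("critical", "high") for f in findings)

# Constructed repository snapshot modelled on the page's sample scan; not a real project.
SAMPLE_REPO = {
    "src/pages/api/chat.ts": 'import OpenAI from "openai";\nconst key = "sk-proj-abc123def456ghi789";\n',
    "lib/supabase.ts": ('import { createClient } from "@supabase/supabase-js";\nconst url = process.env.NEXT_PUBLIC_SUPABASE_URL!;\n'
                        "// shared client imported by React components\nexport const db = createClient(url, process.env.SUPABASE_SERVICE_ROLE_KEY!);\n"),
    "next.config.ts": 'headers: [{ key: "Access-Control-Allow-Origin", value: "*" }],\n',
    "components/Comment.tsx": "<div dangerouslySetInnerHTML={{ __html: comment.body }} />\n",
    "seed.ts": 'await db.from("users").insert({ email: "admin@example.com", password: "admin" });\n',
    ".env": "OPENAI_API_KEY=sk-proj-abc123def456ghi789\n",
}
```

Running `scan(SAMPLE_REPO)` yields six findings, five of them blocking; the same service-role reference under a path such as `app/api/` produces none, which is the distinction the client-code rule relies on.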

Your next launch deserves a vibe check.

Free while in beta. Sign up, paste a repo, and ship with confidence.

Get started →