benavlabs

Security checklist for vibe coded apps. AI rules file + automated audit + manual verification.

100% credibility
Found Apr 07, 2026 at 10 stars.
AI Summary

A collection of checklists and prompts designed to help secure applications built rapidly using AI coding assistants.

How It Works

1. 🔍 Discover the security guide

While building your app quickly with AI help, you find this simple checklist to make sure it's safe from common mistakes.

2. 📋 Add safety rules to your project

You place the security rules right in your project folder so your AI helper automatically follows them from now on.

3. 🤖 Launch the AI safety scan

You ask your AI assistant to run the full security review, and it checks your whole project for problems, writes reports, plans fixes, and even applies them.

4. 📂 Review the safety report

You open the new safety folder to see the detailed findings, fixes applied, and what's been improved.

5. Run quick manual tests

You follow the easy checklist to test things yourself, like checking if private info stays private or logins are secure.

🛡️ Your app is safer now

With the basics covered, your quick-built app is protected against the mistakes that have tripped up others, ready for real users.

AI-Generated Review

What is vibe-check?

Vibe-check delivers a security checklist tailored for apps built with AI coding tools like Cursor, Copilot, or Claude, tackling the gap where AI prioritizes functionality over safety: studies show only 10.5% of AI-generated code is secure. You get three layers: rules your AI reads to prevent vulnerabilities during coding, prompts for automated project audits that generate reports and fixes, and manual tests for edge cases like brute-force login or exposed env files. It is all Markdown-based checklists, with bash copy commands for quick setup in any web app repo.

Why is it gaining traction?

It stands out by focusing on 17 real-world vulnerabilities from vibe-coded breaches (such as misconfigured databases, IDOR, or unverified Stripe webhooks), drawing from scans of 5,600+ apps and tying into GitHub security advisories and GitHub Copilot security pitfalls. Developers are drawn to the simplicity: paste the rules into your project root for ongoing protection, run AI audits via prompts that output fix plans to a security folder, and use the manual checklists as a security checklist template for web applications. No heavy tools are needed; it integrates with your existing GitHub security scanning workflow or security-focused GitHub Actions.

Who should use this?

It suits indie hackers or solo full-stack devs vibe-coding MVPs with FastAPI, Astro, or Stripe integrations, especially those skipping pentests early on. It also fits teams using GitHub Copilot for rapid prototypes who need a web application security checklist covering basics like row-level security or CORS fixes, and anyone auditing AI-generated repos for committed secrets or SSRF before launch.

Verdict

Grab it if you're AI-coding web apps: solid docs and a breach-backed checklist make it a practical starter security repository on GitHub, even as a security checklist example. The low 1.0% credibility score and 10 stars signal early days with no tests, so pair it with pro audits for production and test on a side project first.
