tanviet12 / vbsec


A Claude Code skill that performs in-depth security scans and detects 20+ of the most common security vulnerabilities in your source code.

88
35
80% credibility
Found May 21, 2026 at 88 stars.
AI Analysis
Shell
AI Summary

vbsec is a security scanning tool that works as an add-on for AI coding assistants like Claude Code, OpenAI Codex, and Google Antigravity. It automatically reviews your source code for 21 common security vulnerabilities including hardcoded secrets, SQL injection, XSS, and command injection. The tool uses reasoning-based analysis rather than simple pattern matching, tracing how data flows through your code to confirm real security risks. It supports multiple programming languages (Go, PHP, TypeScript, Python) with specialized rules for popular frameworks like React, Django, Laravel, and Express. Reports are generated in both Vietnamese and English, with findings saved as files you can share with your team.

How It Works

1. 🔍 You discover vbsec while coding

While working with an AI coding assistant, you hear about a tool that can check your code for security problems before you ship it.

2. ⚙️ You add the security skill to your assistant

You run a simple setup that connects vbsec to your AI coding tool, so it's always ready when you need it.

3. 🛡️ You run your first security scan

With one command, your AI assistant reads through your entire project and looks for 21 common security mistakes.

4. 📋 You receive a clear report

vbsec shows you exactly where problems exist, explains why each one is risky, and tells you how to fix it.

5. You fix the issues and ship confidently

You address the vulnerabilities, save the report for your records, and release your code knowing it's been reviewed.

AI-Generated Review

What is vbsec?

vbsec is a security scanner that runs as a native skill inside AI coding assistants like Claude Code, OpenAI Codex CLI, and Google Antigravity. Instead of opening a separate tool or calling an external API, you type a command like `/vbs-scan-security` and get a structured vulnerability report covering 21 categories of common security flaws. It targets the specific problem of AI-generated code shipping with classic security mistakes: hardcoded secrets, SQL injection, JWT misuse, CORS misconfigurations, and similar issues that functional testing never catches. The scanner supports Go, PHP, TypeScript/JavaScript, and Python with language-specific rule overlays for popular frameworks like Django, Flask, React, Laravel, and NestJS.

Why is it gaining traction?

The hook is convenience: security scanning happens without leaving your AI coding workflow. Most security tools require separate installation, API keys, or CI pipeline configuration. vbsec lives where you already code. The L1-L4 data flow classification is also a differentiator—it traces whether user input actually reaches a dangerous sink, reducing the false-positive noise that plagues regex-based scanners. The multi-platform support means teams using different AI assistants can run identical scans. It has been tested against OWASP Juice Shop, which gives the rule set some real-world validation beyond synthetic test cases.

Who should use this?

Developers using Claude Code, Codex CLI, or Antigravity who want a quick security sanity check before shipping AI-generated code. It is particularly useful for solo developers or small teams without dedicated security review in their pipeline. If you are building Django, Flask, Express, or Laravel apps and rely on AI assistants to generate boilerplate, vbsec catches the patterns those assistants commonly get wrong. It is not a replacement for professional audits or CVE databases, but it fills the gap between "code works" and "code is safe to deploy."

Verdict

vbsec is a well-designed concept with solid documentation and a clear focus on reducing false positives through reasoning-first analysis. The credibility score of 80% reflects a small but active user base, and at 88 stars the project is still early-stage—contributors should not expect a massive community or long support track record yet. The bilingual output and multi-platform sync scripts show thoughtful engineering. Worth trying as a first line of defense, but do not treat it as proof of security.
