tawgroup / vibesec

Pre-deploy security audit skill for vibe-coded apps. Catches unauthenticated admin APIs, missing RLS, leaked service keys before you ship.

100% credibility
Found Jun 01, 2026 at 10 stars.
AI Summary

Vibesec is a security checking tool that works as an add-on for AI coding assistants. It scans apps built with popular tools before they go live on the internet, looking for common mistakes like unprotected admin routes, exposed database keys, or insecure permission settings. It reports what it finds so developers can fix issues before shipping. The tool is designed specifically for people who use AI coding assistants (like Claude, Cursor, or Lovable) who may not notice security problems in their automatically-generated code. It doesn't use AI to judge safety — it simply checks for known patterns of mistakes and shows exactly where problems exist.

How It Works

1. 🤖 You use an AI coding assistant

You build your app quickly with an AI tool like Claude, Cursor, or Lovable — it's exciting how fast you can create something real.

2. 😰 The app works, but you worry

Your creation runs perfectly on your computer. You know it has sensitive parts, but you can't see what might be dangerous hiding in the code.

3. 🔍 You ask for a security check

Before going live, you simply ask your assistant to audit your app. It uses a special security skill you installed beforehand.

4. Your app gets scanned

In seconds, your assistant examines your code for the most common mistakes that let strangers access things they shouldn't — like exposed secrets or unprotected admin paths.

5. You see what needs fixing

🔴 Critical issues found

You have serious problems that need fixing right now — maybe anyone on the internet can delete your users or read your database.

🟡 Minor issues found

You have some things to clean up — maybe a debug route was left running or a setting isn't ideal.

6. 🛠️ Your assistant fixes them

Before making any changes, your assistant asks permission. Then it updates your code to close the security gaps — all with your approval.

🚀 You deploy with confidence

Your app goes live knowing the obvious mistakes are caught. No more panic at 2am discovering that strangers could access your customers' private information.

AI-Generated Review

What is vibesec?

Vibesec is a security audit skill that runs inside AI coding agents like Claude Code, Cursor, and Codex. Before you deploy a vibe-coded app, it scans your codebase for common security mistakes that AI agents tend to ship: admin API routes with no authentication, Supabase tables with RLS disabled or set to `USING (true)`, service role keys accidentally bundled into client-side code, and debug routes left running in production. You trigger it with a simple command like `Audit my app with vibesec`, and it returns a severity-ranked report with file locations and line numbers. The tool then offers to fix what it finds. It supports Next.js and Supabase out of the box, with common checks like exposed secrets and CORS misconfigurations running on any stack.
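To make the kind of pattern check described above concrete, here is an added example that is not vibesec's own code: a small scanner that reports file and line for tables without RLS, `USING (true)` policies, and service role keys reachable from client code. The regexes, the `audit` function and the sample files are all constructed for illustration.

```python
import re

# Patterns are this example's assumptions, not vibesec's rule set.
CREATE_TABLE = re.compile(
    r"create\s+table\s+(?:if\s+not\s+exists\s+)?(?:public\.)?(\w+)", re.I)
ENABLE_RLS = re.compile(
    r"alter\s+table\s+(?:public\.)?(\w+)\s+enable\s+row\s+level\s+security", re.I)
PERMISSIVE = re.compile(r"using\s*\(\s*true\s*\)", re.I)
SERVICE_KEY = re.compile(r"SERVICE_ROLE", re.I)
USE_CLIENT = re.compile(r"""^\s*["']use client["']""", re.M)

def audit(files):
    """files: {path: text}. Returns a sorted list of (path, line, message)."""
    findings = []
    # RLS may be enabled in a different migration than the CREATE TABLE.
    sql = "\n".join(t for p, t in files.items() if p.endswith(".sql"))
    rls_on = {name.lower() for name in ENABLE_RLS.findall(sql)}
    for path, text in files.items():
        is_client = bool(USE_CLIENT.search(text))
        for n, line in enumerate(text.splitlines(), 1):
            if path.endswith(".sql"):
                m = CREATE_TABLE.search(line)
                if m and m.group(1).lower() not in rls_on:
                    findings.append((path, n, f"table {m.group(1)}: RLS never enabled"))
                if PERMISSIVE.search(line):
                    findings.append((path, n, "policy USING (true) matches every row"))
            # NEXT_PUBLIC_ variables and "use client" files end up in the browser bundle.
            elif SERVICE_KEY.search(line) and (is_client or "NEXT_PUBLIC_" in line):
                findings.append((path, n, "service role key reachable from client code"))
    return sorted(findings)

# Constructed sample project (not taken from any real repository).
SAMPLE = {
    "supabase/migrations/001_init.sql": (
        "create table public.orders (id uuid primary key, email text);\n"
        "create table public.profiles (id uuid primary key);\n"
        "alter table public.profiles enable row level security;\n"
        "create policy read_all on public.profiles for select using (true);\n"),
    "app/admin/page.tsx": (
        "'use client'\n"
        "import { createClient } from '@supabase/supabase-js'\n"
        "const db = createClient(url, process.env.NEXT_PUBLIC_SUPABASE_SERVICE_ROLE_KEY)\n"),
    "lib/server.ts": "const key = process.env.SUPABASE_SERVICE_ROLE_KEY\n",
}

if __name__ == "__main__":
    for path, line, msg in audit(SAMPLE):
        print(f"{path}:{line}: {msg}")
```

The server-only file `lib/server.ts` is deliberately not flagged: a service role key is expected there, and the check only fires where the key can reach the browser.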

Why is it gaining traction?

The vibe-coding wave has a predictable security problem: AI agents ship features fast but default to insecure configurations. Vibesec addresses this by encoding the checklist of footguns that keep appearing in real deployments. The hook is the real-world example in the documentation showing how a flower shop's admin panel exposed full customer PII to anyone on the internet. The tool is stack-agnostic enough to be useful across projects, and the "no LLM-as-judge" approach means findings point to concrete files rather than hallucinated issues.

Who should use this?

Frontend developers shipping vibe-coded apps to production who want a safety net before going live. If you've used Claude, Cursor, or Lovable to build an app with Supabase or Next.js, this catches the mistakes that feel obvious in hindsight but are easy to miss during a fast build. It's especially useful for solo developers or small teams without a dedicated security reviewer. Teams with existing security processes probably need more than grep-based checks, but as a pre-deploy sanity check, it fills a real gap.

Verdict

Use it. The 1.0% credibility score and 10 stars reflect a brand-new project with no community validation yet, and the documentation is thin beyond the README. That said, the core idea is solid, the implementation is straightforward, and it addresses a genuine pain point. Run it on your next vibe-coded project as a sanity check before shipping.
