vibe-security
Security audits for AI-generated code, catching vulnerabilities before they ship.
- Systematically checks nine vulnerability categories: secrets exposure, database access control, authentication, rate limiting, payments, mobile security, AI/LLM integration, deployment config, and input validation
- Prioritizes findings by severity (Critical → High → Medium → Low) with concrete exploit scenarios and before/after code fixes
- Designed specifically for "vibe-coded" apps where AI assistants commonly introduce flaws like client-side price manipulation, disabled database rules, and hardcoded API keys
- Skips irrelevant checks based on your tech stack; focuses only on genuine security issues with real-world impact
Audit code for security vulnerabilities commonly introduced by AI code generation. These issues are prevalent in "vibe-coded" apps — projects built rapidly with AI assistance where security fundamentals get skipped.
AI assistants consistently get these patterns wrong, leading to real breaches, stolen API keys, and drained billing accounts. This skill exists to catch those mistakes before they ship.
The Core Principle
Never trust the client. Every price, user ID, role, subscription status, feature flag, and rate limit counter must be validated or enforced server-side. If it exists only in the browser, mobile bundle, or request body, an attacker controls it.
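An added example, not part of the vibe-security skill's own files: a checkout handler that trusts the price, user ID and role sent in the request body, beside a version that takes them from server-side state. The catalog, session store and function names are hypothetical, and the sample request is constructed.

```javascript
// Server-side sources of truth (hypothetical names, constructed sample data).
const CATALOG = new Map([
  ["pro_monthly", { priceCents: 2900 }],
  ["team_monthly", { priceCents: 9900 }],
]);
const SESSIONS = new Map([["sess-abc", { userId: "u_1", role: "member" }]]);

// BEFORE: every security-relevant value is read from the request body,
// so whoever crafts the request chooses the price, the account and the role.
function createOrderVulnerable(req) {
  const { productId, quantity, priceCents, userId, role } = req.body;
  return {
    ok: true,
    order: { userId, role, productId, quantity, amountCents: priceCents * quantity },
  };
}

// AFTER: the body only says *what* is being ordered. Identity and role come
// from the server-side session; the price comes from the server-side catalog.
function createOrderHardened(req) {
  const session = SESSIONS.get(req.sessionId);
  if (!session) return { ok: false, status: 401, error: "not authenticated" };

  const { productId, quantity } = req.body || {};
  const product = CATALOG.get(productId);
  if (!product) return { ok: false, status: 400, error: "unknown product" };
  if (!Number.isInteger(quantity) || quantity < 1 || quantity > 100) {
    return { ok: false, status: 400, error: "invalid quantity" };
  }

  return {
    ok: true,
    order: {
      userId: session.userId,
      role: session.role,
      productId,
      quantity,
      amountCents: product.priceCents * quantity,
    },
  };
}

// Constructed request: a logged-in member sends extra fields in the body.
const tamperedRequest = {
  sessionId: "sess-abc",
  body: { productId: "pro_monthly", quantity: 2, priceCents: 1, userId: "u_admin", role: "admin" },
};
```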
Audit Process
Examine the codebase systematically. For each step, load the relevant reference file only if the codebase uses that technology or pattern. Skip steps that aren't relevant.
- Secrets & Environment Variables — Scan for hardcoded API keys, tokens, or credentials. Check for secrets exposed via client-side env var prefixes (NEXT_PUBLIC_, VITE_, EXPO_PUBLIC_). Verify .env is in .gitignore. See references/secrets-and-env.md.
- Database Access Control — Check Supabase RLS policies, Firebase Security Rules, or Convex auth guards. This is the #1 source of critical vulnerabilities in vibe-coded apps. See references/database-security.md.
- Authentication & Authorization — Validate JWT handling, middleware auth, Server Action protection, and session management. See references/authentication.md.