Vibe Security
"Scan your vibe-coded app for security flaws in 5 minutes. Get a trust badge to prove it."

The Idea
VibeCheck is an AI-powered security auditing platform purpose-built for apps created with vibe-coding tools (Lovable, Bolt, v0, Replit, Cursor). Users connect a GitHub repo or provide a live URL, and the platform automatically scans for the most common vibe-coded vulnerabilities — exposed API keys, missing Row Level Security, broken auth, open CORS, hardcoded secrets — then generates a plain-English report with copy-paste fixes. Apps that pass earn a public "Vibe Check" trust badge.
Who It's For
Non-traditional developers and indie hackers who build apps with AI coding tools (Lovable, Bolt, v0, Replit, Cursor) and ship fast but lack security expertise. Secondary: agencies and freelancers building for clients using vibe-coding tools who need to demonstrate due diligence.
What's Built
Build only what proves the core value loop: submit code → get a security report → see a badge.
- Auth: Email/password sign-up and login
- Project creation: User creates a "project" by pasting a public GitHub repo URL
- Automated scan engine: Backend clones the repo, runs a static analysis pipeline against a curated checklist of 15 vulnerability patterns (exposed keys, missing RLS policies, open CORS, hardcoded secrets, broken auth patterns, missing rate limiting, SQL injection vectors, XSS vectors, missing HTTPS enforcement, insecure cookie flags, debug mode enabled, permissive .env exposure, unvalidated redirects, missing CSP headers, default credentials)
- Report dashboard: Displays findings with severity (Critical / High / Medium / Low), plain-English descriptions, and suggested fix snippets
- Badge system: If zero Critical/High findings, generate a public badge page with a unique URL and embeddable HTML snippet
- Scan history: Persist all scans; user can re-scan and compare
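A minimal sketch of the scan engine, report and badge rule above, added here as an example and not code from the page or from the VibeCheck product: it runs a hypothetical four-pattern subset of the checklist (hardcoded secret, open CORS, insecure cookie flags, debug mode) over a constructed in-memory repository, emits findings with the dashboard's severity levels and fix snippets, and applies the "zero Critical/High" badge rule. The `CHECKS` regexes, `scan_repo`, `badge_eligible` and the sample files are all assumptions for illustration.

```python
import re
from collections import namedtuple

# One report row: severity uses the dashboard scale Critical / High / Medium / Low.
Finding = namedtuple("Finding", "check severity path line fix")

# Hypothetical four-pattern subset of the 15-item checklist: (name, severity, regex, fix).
# Line-level heuristics like these produce false positives; a real engine would confirm.
CHECKS = [
    ("hardcoded secret", "Critical",
     re.compile(r'(?i)(key|secret|password|token)\s*[:=]\s*[\'"][^\'"]{12,}[\'"]'),
     "Move the value to an environment variable and rotate the credential."),
    ("open CORS", "High",
     re.compile(r'(?i)origin\s*:\s*[\'"]\*[\'"]|Allow-Origin[\'"]?\s*[:,]\s*[\'"]\*[\'"]'),
     "Replace '*' with an explicit allow-list of trusted origins."),
    ("insecure cookie flags", "Medium",
     re.compile(r'(?i)(httponly|secure)\s*:\s*false'),
     "Set httpOnly: true and secure: true on session cookies."),
    ("debug mode enabled", "Medium",
     re.compile(r'(?i)\bDEBUG\s*=\s*True\b|\bdebug\s*:\s*true\b'),
     "Disable debug mode in production configuration."),
]

def scan_file(path, text):
    """Apply every check to each line of one file; one finding per check per line."""
    return [Finding(name, sev, path, n, fix)
            for n, line in enumerate(text.splitlines(), start=1)
            for name, sev, rx, fix in CHECKS if rx.search(line)]

def scan_repo(files):
    """files maps path -> contents; stands in for walking a cloned repository."""
    return [f for path in sorted(files) for f in scan_file(path, files[path])]

def badge_eligible(findings):
    """Badge rule from the page: zero Critical/High findings."""
    return not any(f.severity in ("Critical", "High") for f in findings)

# Constructed sample repository, not code from any real project.
SAMPLE_REPO = {
    "settings.py": "DEBUG = True\n",
    "src/config.js": 'const STRIPE_KEY = "sk_test_EXAMPLE_0123456789abcdef";\n',
    "src/server.js": "app.use(cors({ origin: '*' }));\n"
                     "res.cookie('session', id, { httpOnly: false, secure: false });\n",
}

if __name__ == "__main__":
    for f in scan_repo(SAMPLE_REPO):
        print(f"[{f.severity}] {f.path}:{f.line} {f.check} -> {f.fix}")
    print("badge eligible:", badge_eligible(scan_repo(SAMPLE_REPO)))
```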
Explicitly out of scope for MVP: live endpoint scanning, human-in-the-loop review, paid tiers/billing, continuous monitoring, Lovable/Bolt direct integrations (just GitHub for now), vulnerability data licensing.