Can Vibe Auditor detect leaked API keys?

Yes, it specifically flags common patterns for OpenAI keys, JWT tokens, GitHub Personal Access Tokens, and Supabase service role keys.

What is vibe-coding security?

Vibe-coding security involves using automated tools like Vibe Auditor to ensure that rapid, AI-assisted development doesn't lead to common vulnerabilities like leaked secrets or missing authorization.

Does Vibe Auditor block my development workflow?

No, it is designed to be non-intrusive. It provides brief, actionable warnings and concise tips only when high-risk patterns are detected, allowing you to stay in flow.

How do I trigger a full security scan?

While the skill acts proactively as you work, you can use the /vibe-check command followed by a specific category like secrets, auth, or rls for a comprehensive analysis.

Vibe Auditor

Name: Vibe Auditor
Author: Rahat-ch

byRahat-ch

セキュリティとテスト

Audits and secures vibe-coded projects by proactively identifying security risks in code patterns, environment files, and authentication flows.

概要

Vibe Auditor is a proactive security companion for Claude Code designed to catch vulnerabilities in fast-paced development environments. It automatically monitors sensitive file types like .env files, Supabase configurations, and API routes to flag hardcoded secrets, SQL injection risks, and missing authentication middleware. By providing non-intrusive warnings and actionable fixes during the development process, it ensures that productivity-focused vibe-coding doesn't compromise application security or data integrity.

主な機能

0 GitHub stars
Security auditing for Supabase Row Level Security (RLS) and database migrations
Proactive monitoring of environment and secret-sensitive files
Context-aware suggestions for fixing SQL injection and insecure code patterns
Real-time detection of hardcoded API keys and credentials
Automated identification of missing authentication in API routes

ユースケース

Ensuring new API endpoints are protected by authentication logic
Auditing database migrations for proper access control and security best practices
Preventing accidental commits of private .env files or API keys

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add rahat-ch/vibe-check vibe-auditor

For use in Claude.ai and ChatGPT

Download Skill

GitHub

概要