Risk Audit FAQs

Question 1

What is Risk Audit and what does it do?

Accepted Answer

Risk Audit is a CLI and MCP server tool that scans your code for common security issues like XSS, injection flaws, SSRF, and path traversal. It provides clear, severity-grouped results along with practical suggestions for how to fix them.

Question 2

How does Risk Audit ensure my code's privacy?

Accepted Answer

Risk Audit runs entirely locally and offline, making zero network calls. Your code never leaves your machine, ensuring maximum privacy and security for your projects.

Question 3

Can Risk Audit be integrated into my development workflow?

Accepted Answer

Yes, it functions as both a command-line interface (CLI) for quick, on-demand scans and an MCP server, allowing seamless integration with AI tools and IDEs like Claude Desktop or Codex CLI.

Question 4

What kind of output and configuration options does Risk Audit offer?

Accepted Answer

It provides results grouped by severity (Critical, Medium, Low) with file paths and line ranges. You can configure scanning behavior via a `.vibecheckrc` file to filter by severity, include/exclude specific paths, and manage individual security rules.

Question 5

Who is Risk Audit designed for?

Accepted Answer

It's ideal for beginners seeking actionable security guidance and experienced developers wanting a fast, local scanner that integrates into their existing workflow or MCP-enabled tools for quick feedback on common security pitfalls.

Risk Audit

About

Key Features

Use Cases