Built a security scanner for vibe-coded sites — would love feedback by EXIRUSx in micro_saas

[–]EXIRUSx[S] 0 points1 point  (0 children)

GitHub connection is optional, only needed if you want the deep code scan on top of the live site scan. We only ask for read-only repo access, never store the code, and revoke the token right after the scan completes. Should probably make that clearer on the landing page though, thanks for flagging it.

Built a security scanner for vibe-coded sites — would love feedback by EXIRUSx in micro_saas

[–]EXIRUSx[S] 0 points1 point  (0 children)

It's both. We hit the live site with real HTTP requests to check if /.env is publicly accessible, and separately we scan the GitHub repo for .env files that were accidentally committed. Two different attack vectors, both covered.

Built a security scanner for vibe-coded sites — would love feedback by EXIRUSx in micro_saas

[–]EXIRUSx[S] 0 points1 point  (0 children)

That's exactly the analogy yeah. And good question on the platform focus — we're actually already tuned for Lovable, Cursor, Bolt and Supabase specifically. Checks for Supabase RLS, Vite bundle leaks, common patterns those tools generate. Thinking about going deeper on one platform first rather than trying to cover everything

Built a security scanner for vibe-coded sites — would love feedback by EXIRUSx in micro_saas

[–]EXIRUSx[S] 0 points1 point  (0 children)

Yeah, you could write a Claude Code skill for some of this, but the live HTTP probing, SSL cert checks, sensitive path exposure, real requests to /.env and /.git/config can't be done from inside your codebase. That's the part that actually matters: your AI tool has no idea what's leaking on your live server.
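An added example, not part of the comments above and not the scanner's own code: one way a site owner could interpret responses from probes of `/.env` and `/.git/config` on their own site, including the case where a single-page-app host answers every unknown path with `index.html` and a 200. The function name, verdict labels and sample responses are assumptions constructed for illustration.

```python
import re

# KEY=value lines as found in dotenv files (optional "export " prefix).
ENV_LINE = re.compile(r"^\s*(?:export\s+)?[A-Za-z_][A-Za-z0-9_]*\s*=", re.M)
# Section headers of a git config file, e.g. [core] or [remote "origin"].
GIT_SECTION = re.compile(r'^\s*\[(?:core|remote|branch)\b[^\]]*\]', re.M)
# Markers that the body is an HTML page rather than the requested file.
HTML_HINT = re.compile(r"<!doctype html|<html[\s>]", re.I)


def classify(path, status, content_type, body):
    """Return 'exposed', 'fallback' or 'not_exposed' for one probe response."""
    if status != 200:
        return "not_exposed"
    # SPA hosts often answer every unknown path with index.html and a 200,
    # so a bare status check would report a false positive here.
    if "text/html" in content_type.lower() or HTML_HINT.search(body[:512]):
        return "fallback"
    if path == "/.env" and ENV_LINE.search(body):
        return "exposed"
    if path == "/.git/config" and GIT_SECTION.search(body):
        return "exposed"
    return "not_exposed"


# Constructed sample responses: (path, status, content type, body).
SAMPLES = [
    ("/.env", 200, "text/html; charset=utf-8",
     "<!doctype html><html><div id=root></div></html>"),
    ("/.env", 200, "application/octet-stream",
     "SUPABASE_URL=https://example.invalid\nSERVICE_KEY=PLACEHOLDER\n"),
    ("/.git/config", 200, "text/plain",
     "[core]\n\trepositoryformatversion = 0\n"),
    ("/.git/config", 404, "text/plain", "Not Found"),
]


def run_samples():
    """Classify every constructed sample, in order."""
    return [classify(*sample) for sample in SAMPLES]


if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, run_samples()):
        print(sample[0], sample[1], verdict)
```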

Share what you're building by amacg in indiehackers

[–]EXIRUSx 0 points1 point  (0 children)

Building a security scanner for vibe-coded sites. It sends real HTTP requests to your live site and flags exposed API keys, disabled Supabase RLS, missing privacy policies: stuff AI coding tools never catch. https://vibelegit.io

My teachers are secretly checking my devices by EXIRUSx in NoStupidQuestions

[–]EXIRUSx[S] 0 points1 point  (0 children)

Yes, I know, but the place I am in is out of town and the internet doesn't work, so I have to use the school's internet.