Wishmakingfairy/vibecheck

4 stars · Last commit 2026-04-02

Stop shipping vulnerabilities. 156 automated security checks for Claude Code. Blocks exposed API keys, disabled Supabase RLS, missing rate limiting, open CORS, and 150+ more before they reach your codebase.

README preview

<p align="center">
  <h1 align="center">vibecheck</h1>
  <p align="center"><strong>Vibe code. Vibe check. 156 security checks for Claude Code.</strong></p>
  <p align="center">Blocks dangerous patterns <em>before</em> Claude writes them to disk.</p>
</p>

<p align="center">
  <img src="https://img.shields.io/badge/security_checks-156-blue?style=flat-square" alt="156 checks" />
  <img src="https://img.shields.io/badge/CWE_coverage-68_IDs-orange?style=flat-square" alt="68 CWEs" />
  <img src="https://img.shields.io/badge/avg_latency-88ms-brightgreen?style=flat-square" alt="88ms latency" />
  <img src="https://img.shields.io/badge/dependencies-zero-brightgreen?style=flat-square" alt="Zero dependencies" />
  <img src="https://img.shields.io/github/license/Wishmakingfairy/vibecheck?style=flat-square" alt="MIT License" />
</p>

---

## The Problem

AI coding tools generate insecure code by default. Supabase schemas without RLS. API keys in frontend bundles. JWT tokens that never expire. CORS open to the world. Passwords hashed with MD5.
