🎯
vibe-security
🎯Skillfrom raroque/vibe-security-skill
|What it does
|Audits AI-generated "vibe-coded" applications for the security mistakes LLMs consistently introduce — hardcoded secrets, secrets exposed via `NEXT_PUBLIC_`/`VITE_`/`EXPO_PUBLIC_` prefixes, broken Supabase RLS / Firebase rules / Convex auth, weak JWT/middleware/Server Action protection, missing rate limits, client-side price manipulation, unverified Stripe webhooks, insecure mobile token storage, unsafe LLM API keys/output, and SQL/ORM input flaws. Loads relevant `references/*.md` files only when the codebase uses that technology and reports findings ordered Critical → High → Medium → Low with file:line and before/after fixes.
vibe-security
Installation
Vibe Index InstallInstalls to .claude/skills/ - auto-recognized by Claude Code
npx vibeindex add raroque/vibe-security-skill --skill vibe-securityskills.sh Install⚠ Installs to .agents/skills/ - may not be auto-recognized by Claude Code
npx skills add raroque/vibe-security-skill --skill vibe-securityManual InstallCopy SKILL.md content and save to the path below
~/.claude/skills/vibe-security/SKILL.mdSKILL.md
1,136Installs
-
AddedApr 13, 2026