vibe-security

Audits codebases for security vulnerabilities in AI-generated applications, ensuring safe handling of sensitive data and authentication.

Install this skill

83/100

Security score

The vibe-security skill was audited on Mar 17, 2026 and we found 5 security issues across 2 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 32

Webhook reference - potential data exfiltration

SourceSKILL.md

32	5. Payment Security — Check for client-side price manipulation, webhook signature verification, and subscription status validation. See `references/payments.md`.

medium line 118

Webhook reference - potential data exfiltration

SourceSKILL.md

118	- `references/payments.md` — Stripe security, webhook verification, and price validation.

medium line 24

Access to .env file

SourceSKILL.md

24	1. Secrets & Environment Variables — Scan for hardcoded API keys, tokens, or credentials. Check for secrets exposed via client-side env var prefixes (`NEXT_PUBLIC_`, `VITE_`, `EXPO_PUBLIC_`). Veri

low line 76

Access to .env file

SourceSKILL.md

76	const supabase = createClient(url, process.env.NEXT_PUBLIC_SUPABASE_SERVICE_KEY!)

low line 79

Access to .env file

SourceSKILL.md

79	const supabase = createClient(url, process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!)

Scanned on Mar 17, 2026

View Security Dashboard

Install this skill with one command

/learn @raroque/vibe-security

GitHub Stars 22

Rate this skill

Categorydevelopment

UpdatedMarch 29, 2026

openclaw backend api security-engineer backend-developer devops-sre data-engineer product-manager supabase firebase development product

raroque/vibe-security-skill