Can Vibe Auditor detect leaked API keys?

Yes, it specifically flags common patterns for OpenAI keys, JWT tokens, GitHub Personal Access Tokens, and Supabase service role keys.

What is vibe-coding security?

Vibe-coding security involves using automated tools like Vibe Auditor to ensure that rapid, AI-assisted development doesn't lead to common vulnerabilities like leaked secrets or missing authorization.

Does Vibe Auditor block my development workflow?

No, it is designed to be non-intrusive. It provides brief, actionable warnings and concise tips only when high-risk patterns are detected, allowing you to stay in flow.

How do I trigger a full security scan?

While the skill acts proactively as you work, you can use the /vibe-check command followed by a specific category like secrets, auth, or rls for a comprehensive analysis.

Vibe Auditor

Name: Vibe Auditor
Author: Rahat-ch

byRahat-ch

0•

Security & Testing

Audits and secures vibe-coded projects by proactively identifying security risks in code patterns, environment files, and authentication flows.

Vibe Auditor is a proactive security companion for Claude Code designed to catch vulnerabilities in fast-paced development environments. It automatically monitors sensitive file types like .env files, Supabase configurations, and API routes to flag hardcoded secrets, SQL injection risks, and missing authentication middleware. By providing non-intrusive warnings and actionable fixes during the development process, it ensures that productivity-focused vibe-coding doesn't compromise application security or data integrity.

Key Features

010 GitHub stars

02Security auditing for Supabase Row Level Security (RLS) and database migrations

03Proactive monitoring of environment and secret-sensitive files

04Context-aware suggestions for fixing SQL injection and insecure code patterns

05Real-time detection of hardcoded API keys and credentials

06Automated identification of missing authentication in API routes

Use Cases

01Ensuring new API endpoints are protected by authentication logic

02Auditing database migrations for proper access control and security best practices

03Preventing accidental commits of private .env files or API keys

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add rahat-ch/vibe-check vibe-auditor

For use in Claude.ai and ChatGPT

Download Skill