vibe-check

Security audit plugin for vibe coders. Ship without the security nightmares.

Installation

First, add the marketplace:

/plugin marketplace add Rahat-ch/vibe-check

Then install the plugin:

/plugin install vibe-check

Commands

/vibe-check:vibe-check

Full security audit - runs all checks and generates VIBE_CHECK.md.

/vibe-check:secrets

Scan for hardcoded API keys, exposed env vars, and .env files in git.

/vibe-check:rls

Analyze Supabase Row Level Security policies. Optionally verify via browser if Chrome extension is available.

/vibe-check:auth

Check API routes for missing authentication and authorization.

/vibe-check:deps

Run npm audit and report vulnerable dependencies.

/vibe-check:ship

Pre-deploy checklist with ship-readiness score.

Auto-Trigger

The vibe-auditor skill automatically activates when you work with:

• •.env files
• •supabase/ folder
• •API routes (app/api/**, pages/api/**)
• •Auth-related files

It provides quick security tips without interrupting your flow.

Ignore Patterns

Inline

const key = "test-key"; // vibe-ignore:secrets

.vibeignore file

# Known safe files
src/constants/public-keys.ts
*.test.ts
__mocks__/**

Disclaimer

This tool provides educational guidance for common security pitfalls. It is NOT a replacement for professional security audits. You are solely responsible for your application's security.

Stack Support

Optimized for:

• •Next.js (App Router & Pages Router)
• •Supabase
• •React

Works with other stacks but checks are most thorough for the above.

Requirements

• •Node.js 18+
• •Claude Code CLI

License

MIT