If you're shipping AI-generated code fast, this skill catches the security holes that LLMs consistently miss. It audits for exposed API keys, client-controlled pricing, disabled database rules (Supabase RLS, Firebase), and broken auth patterns. The approach is practical: it flags only real exploits, shows before/after fixes, and prioritizes by actual impact. Especially useful if you're building with Next.js, Supabase, Stripe, or LLM integrations where one wrong environment variable prefix can leak your service role key. Run it before you deploy or when someone asks "is this safe?" It's opinionated about server-side validation, which is the right call for vibe-coded apps.
npx skills add https://github.com/raroque/vibe-security-skill --skill vibe-security
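
The environment-variable-prefix leak mentioned above can also be checked by hand. The following is an added example, not code from the skill or its repository: it scans .env text for variables that Next.js would ship to the browser while carrying a server-side secret. It assumes the NEXT_PUBLIC_ prefix (Next.js's client-exposure prefix, not named on this page) and that Supabase keys are JWTs with a role claim; auditEnv, secretReason and jwtPayload are hypothetical names.

```javascript
// Assumption (not from the page): Next.js inlines NEXT_PUBLIC_* variables into client JS.
const PUBLIC_PREFIX = "NEXT_PUBLIC_";

// Decode a JWT payload without verifying it; returns null if the value is not a JWT.
function jwtPayload(value) {
  const parts = value.split(".");
  if (parts.length !== 3) return null;
  try { return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8")); }
  catch { return null; }
}

// Return the reason a value must stay server-side, or null if none applies.
function secretReason(name, value) {
  const payload = jwtPayload(value);
  if (payload && payload.role === "service_role") return "Supabase service_role JWT";
  if (/^(sk|rk)_(live|test)_/.test(value)) return "Stripe secret or restricted key";
  if (/SERVICE_ROLE|SECRET|PRIVATE_KEY/i.test(name)) return "secret-looking variable name";
  return null;
}

// Parse .env text and report client-exposed variables that carry a secret.
function auditEnv(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const m = raw.match(/^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/);
    if (!m) return; // blank line, comment, or not an assignment
    const name = m[1];
    const value = m[2].trim().replace(/^(['"])(.*)\1$/, "$2"); // strip matching quotes
    if (!name.startsWith(PUBLIC_PREFIX)) return; // server-only, never bundled
    const reason = secretReason(name, value);
    if (reason) findings.push({ line: i + 1, name, reason });
  });
  return findings;
}

// Constructed sample input: unsigned placeholder tokens, not real credentials.
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const fakeJwt = (role) => `${b64({ alg: "HS256" })}.${b64({ role })}.placeholder`;
const SAMPLE_ENV = [
  "# constructed example",
  `NEXT_PUBLIC_SUPABASE_ANON_KEY=${fakeJwt("anon")}`,
  `NEXT_PUBLIC_SUPABASE_KEY=${fakeJwt("service_role")}`,
  `SUPABASE_SERVICE_ROLE_KEY=${fakeJwt("service_role")}`,
  'NEXT_PUBLIC_STRIPE_KEY="sk_test_PLACEHOLDER"',
  "NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY=pk_test_PLACEHOLDER",
].join("\n");
console.log(auditEnv(SAMPLE_ENV));
```

The anon key and the publishable key pass because they are meant to be public; the unprefixed service role key passes because it never reaches the client bundle.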