
About
Scan code for security vulnerabilities across multiple languages with AST-based analysis, OWASP compliance mapping, and automated fixes.
Vibe Security
An AI-powered security scanner and fixer for Vibe Coder that finds, verifies, and automatically fixes security vulnerabilities in your code.
Overview
Vibe Security is a comprehensive security analysis tool designed specifically for AI-assisted development with Vibe Coder. It automatically scans your codebase for security vulnerabilities, provides detailed explanations, and can automatically fix many common security issues.
Features
🔍 Security Scanner
- 30+ Security Rules covering OWASP Top 10
- Multi-Language Support - JavaScript, TypeScript, Python, Java, PHP, C#, Ruby, Go, Rust
- Real-time Analysis - Scan your entire codebase in seconds
- Detailed Reports - Comprehensive vulnerability reports with severity ratings
🛡️ Vulnerability Detection
- SQL Injection, XSS, Command Injection, Path Traversal
- CSRF, Weak Cryptography, Hardcoded Secrets
- Authentication/Authorization Issues, SSRF, XXE
- And many more security vulnerabilities
🔧 Auto-Fix
- Automatically fix common security issues
- Safe, tested remediation strategies
- Preserves functionality while improving security
✅ Verification
- Security posture verification
- Compliance reporting
- Best practices assessment
🤖 AI Integration
- Security guidelines for Claude, Cursor, Windsurf, Copilot, Antigravity
- Security-first code generation
- Automated security review
Installation
Using npm (Recommended)
```bash
# Install globally
npm install -g vibe-security

# Or using bun
bun install -g vibe-security
```
Quick Start
```bash
# Install security guidelines for AI assistant
vibesec init --ai claude        # For Claude
vibesec init --ai cursor        # For Cursor
vibesec init --ai windsurf      # For Windsurf
vibesec init --ai copilot       # For GitHub Copilot
vibesec init --ai antigravity   # For Antigravity
vibesec init --ai all           # For all assistants

# Version Management
vibesec versions                # List available versions
vibesec update                  # Update to latest version
vibesec init --version v1.0.0   # Install specific version
```
Usage
Claude Code
The skill activates automatically when you request security scanning or code review. Just chat naturally:
Scan my code for security vulnerabilities
Fix the SQL injection issues in my project
Check my authentication implementation for security issues
Cursor / Windsurf / Antigravity
Use the slash command to invoke the skill:
/vibe-security Scan my code for security vulnerabilities
/vibe-security Fix the SQL injection issues in my project
/vibe-security Check my authentication implementation for security issues
GitHub Copilot
In VS Code with Copilot, type / in chat to see available prompts, then select vibe-security:
/vibe-security Scan my code for security vulnerabilities
/vibe-security Fix the SQL injection issues in my project
/vibe-security Check my authentication implementation for security issues
Example Prompts
- Scan my code for security vulnerabilities
- Fix hardcoded secrets in my project
- Check for SQL injection vulnerabilities
- Review my authentication implementation
- Find and fix XSS vulnerabilities
- Verify security best practices
- Install security guidelines for Claude
Recommended AI Models
For Best Security Analysis
We recommend using these AI models with Vibe Security for optimal security vulnerability detection and code fixing:
Claude Opus 4.5 (Recommended)
- Most advanced model for comprehensive security analysis
- Superior reasoning capabilities for complex vulnerability detection
- Exceptional at identifying subtle security flaws and attack vectors
- Best for critical security audits, enterprise codebases, and production deployments
- Provides the most thorough security remediation strategies
Claude Sonnet 4.5
- Excellent balance of speed and security analysis depth
- Great at understanding security context and identifying vulnerabilities
- Provides safe remediation strategies with detailed explanations
- Ideal for daily development and most security workflows
Claude Opus 4
- Powerful for complex security audits and enterprise codebases
- Deep reasoning capabilities for advanced vulnerability analysis
- Best for critical security reviews and compliance requirements
- Recommended f

