Like most of you, I've been vibe coding my way through projects. Claude writes the auth, Replit spins up the DB, Bolt connects everything. It's genuinely magic.

What the AI doesn't do is protect you. And it won't warn you either.

After shipping a side project I got paranoid and scanned my own code. Here's a sample of what came back:

- A JWT secret hardcoded in an API route (thanks, AI)
- Zero rate limiting on the login endpoint
- No input validation on a form that writes directly to the database

None of this was malicious. The AI just doesn't think about it. It writes working code. Working and secure are not the same thing.

I built VaultScan out of this frustration. You upload your project ZIP and/or paste your URL, it scans everything and gives you one fix prompt to paste back into your coding agent. No security knowledge needed. Pay per scan, no subscription.

If you've shipped something with an AI tool and haven't thought about this yet, now's the time.

What's the worst thing you've accidentally shipped?
Originally posted by u/Objective_Law2034 on r/ClaudeCode
