Claude Skill
raroque/vibe-security-skill
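Vibe Security Skill audits applications developed by AI coding assistants for common security vulnerabilities, helping detect and fix security issues in AI-generated code.
Overview
Repository info
Install this Skill
npx skills add https://github.com/raroque/vibe-security-skill --skill vibe-security
Registry info
Project overview
Vibe Security Skill is an agent skill that audits applications developed by AI coding assistants for common security vulnerabilities, helping developers identify and fix security issues in AI-generated code.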
Agent skill that audits vibe-coded apps for common security vulnerabilities introduced by AI coding assistants
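Key points
- Audits applications developed by AI coding assistants for security vulnerabilities
- Detects security issues introduced by AI coding assistants
- Provides actionable security recommendations
- Integrates into development workflows
Use cases
- Security review of AI-generated code
- Pre-deployment vulnerability scanning
- CI/CD pipeline security checks
README excerpt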
<p align="center">
  <img src="https://img.shields.io/badge/security-vibe--coded%20apps-DC2626.svg" alt="Security for vibe-coded apps" />
  <img src="https://img.shields.io/badge/license-MIT-blue.svg" alt="MIT License" />
  <a href="https://twitter.com/raroque">
    <img src="https://img.shields.io/badge/Contact-@raroque-95a5a6.svg?style=flat" alt="Twitter: @raroque" />
  </a>
</p>

<h1 align="center">Vibe Security - Agent Skill for AI Coding Assistants</h1>

An agent skill that helps secure vibe-coded apps - or honestly any app - from common security vulnerability patterns.

Built by [Chris Raroque](https://www.youtube.com/@raroque) ([@raroque](https://twitter.com/raroque)) in collaboration with my colleagues at [Aloa](https://aloa.co).

AI assistants are great at building features fast but consistently get security wrong: hardcoding secrets, skipping row-level security, trusting client-submitted prices, storing tokens in localStorage. This skill catches those patterns before they ship.

**Need help building AI apps, custom agents, or implementing AI at your company?** Work with Chris and the team at [Aloa](https://aloa.co).

## Background

This skill was built specifically to address the security issues that keep showing up in vibe-coded applications. When you're building fast with AI, security fundamentals get skipped - and the AI assistants themselves are often the ones introducing the vulnerabilities. This skill gives your agent the knowledge to catch and prevent those patterns.

It uses the [Agent Skills](https://agentskills.io/home) format, so it works with Claude Code, OpenAI Codex, and other compatible agents. The security rules are organized as reference files that the agent loads based on what technologies your project uses. If you're using Supaba
Topics
No topics yet