Receives code locally
Run VibeLint through an MCP-compatible coding tool, the CLI, or a pre-commit workflow. Raw source files stay on the developer machine during scanning.
Loading VibeLint...
VibeLint scans proposed and existing source code for security mistakes that AI coding tools often introduce, then returns clear findings and safer fixes while keeping raw source local by default.
11
detector categories
Local
raw source scanning
MCP + CLI
developer workflow
What it does
Code security analyzes the code itself. It gives an AI coding agent or developer a security decision before a risky change becomes part of the repository.
Run VibeLint through an MCP-compatible coding tool, the CLI, or a pre-commit workflow. Raw source files stay on the developer machine during scanning.
Detectors cover secrets, authentication, injection, framework configuration, CORS, static-analysis findings, prompt injection, LLM output execution, dependencies, rate limiting, and missing authentication.
Each result identifies the detector, severity, affected file and line, why the pattern is risky, and a fix hint. Plans and workflow configuration determine the available coverage and blocking behavior.
Example: an AI agent edits authentication
An agent proposes decoding a session token without verifying its signature. VibeLint flags the unsafe authentication pattern and points the agent toward verified token handling.
Example use cases
AI coding agents
Let Cursor, Claude Code, Codex, Windsurf, or another MCP client scan a proposed file before accepting the change.
Repository safety
Scan changed files before a commit so risky generated code does not quietly move into review or deployment.
AI applications
Find untrusted content entering privileged prompts or model output reaching commands, tools, file access, or other sensitive execution paths.
A static code scan does not automatically observe every terminal command or external tool call. The coding agent, MCP workflow, CLI, or hook must invoke the scan at the right point. Keep tests, dependency review, runtime controls, and human review in the workflow too.
One connected security loop
Code checks, permission decisions, approvals, and action evidence work best together—before, during, and after an agent action.