DEV Community

Caleb Jeon

I Built a Pre-commit Security Scanner with Claude Code

Hey DEV community! 👋

I recently built vibe-guardian, a Claude Code skill that scans your code for security vulnerabilities before you commit.

The Problem

Most security scanners check your code only after you've already pushed to GitHub. The issue is that even if you fix the vulnerability later, the original vulnerable code stays in your Git history forever, and anyone with repo access can see it.

The Solution: Scan Before Commit

Traditional Flow (Risky):
Code → Commit → Push → [SCAN] → Fix
                      ↑
               Already too late. Vulnerability in Git history.

Vibe-Guardian Flow (Safe):
Code → [SCAN] → Fix → Commit → Push
        ↑
   Catch it here. Git history stays clean.

What is vibe-guardian?

A Claude Code skill that automatically scans AI-generated code for security vulnerabilities and quality issues. Essential for the Vibe Coding era.

🔴 Critical Issues Detected

  • SQL Injection, NoSQL Injection, Command Injection
  • XSS (Reflected, Stored, DOM-based)
  • Hardcoded Secrets (API Keys, Passwords, JWT Secrets)
  • Authentication/Authorization Bypass
  • Path Traversal

🟡 Warning Level Issues

  • Missing Input Validation
  • Poor Error Handling (empty catch, exposed errors)
  • Sensitive Logging (PII in logs)
  • CORS Misconfiguration
  • Performance Issues (N+1 queries, memory leaks)
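The flow above places the scan on staged code, before anything reaches Git history, and the two lists describe what it looks for. As an added example that is not vibe-guardian's own code (the skill is driven by Claude Code, not by regular expressions), here is a minimal git pre-commit hook in Python that reads the staged version of each file with `git show :path`, applies a few constructed heuristic rules for the categories listed above, and blocks the commit on any critical finding. The rule patterns, the `SAMPLE` input, the `Finding` type and the file names are assumptions made for this example.

```python
#!/usr/bin/env python3
"""Hypothetical pre-commit gate: scan the *staged* version of each file and
block the commit on critical findings (example code, not vibe-guardian's)."""
import re
import subprocess
import sys
from dataclasses import dataclass

# Constructed heuristic rules. Severity mirrors the post's split between
# "critical" (blocks the commit) and "warning" (reported, does not block).
RULES = [
    ("critical", "hardcoded-secret",
     re.compile(r"""(?i)\b(api[_-]?key|secret|password|jwt[_-]?secret)\b\s*[:=]\s*["'][^"'\n]{8,}["']""")),
    ("critical", "sql-string-concat",
     re.compile(r"""(?i)\b(select|insert|update|delete)\b[^"'\n]*["']\s*\+\s*\w""")),
    ("critical", "command-injection",
     re.compile(r"""(?i)\b(os\.system|subprocess\.(?:call|run|Popen)|child_process\.exec)\s*\(.*(?:\+|f["'])""")),
    ("warning", "empty-catch",
     re.compile(r"""(?:except[^:\n]*:|catch\s*\([^)]*\)\s*\{)\s*(?:pass|\})""")),
    ("warning", "sensitive-logging",
     re.compile(r"""(?i)\b(console\.log|print|logger\.\w+)\s*\(.*\b(password|ssn|token)\b""")),
]

SCANNED_SUFFIXES = (".py", ".js", ".ts", ".java", ".go")


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    severity: str
    rule: str
    snippet: str


def scan_text(path: str, text: str) -> list[Finding]:
    """Run every rule over one file's text; return findings ordered by line."""
    lines = text.splitlines()
    findings = []
    for severity, rule, pattern in RULES:
        for m in pattern.finditer(text):
            line_no = text.count("\n", 0, m.start()) + 1
            findings.append(Finding(path, line_no, severity, rule, lines[line_no - 1].strip()))
    return sorted(findings, key=lambda f: (f.path, f.line))


def staged_files() -> list[str]:
    """Paths added/copied/modified in the index, i.e. what this commit will contain."""
    out = subprocess.run(["git", "diff", "--cached", "--name-only", "--diff-filter=ACM"],
                         capture_output=True, text=True, check=True)
    return [p for p in out.stdout.split("\n") if p]


def staged_content(path: str) -> str:
    """Read the index copy, not the working tree: unstaged edits are not what gets committed."""
    ref = ":" + path
    out = subprocess.run(["git", "show", ref], capture_output=True, text=True, check=True)
    return out.stdout


def verdict(findings: list[Finding]) -> int:
    """Hook exit status: 1 (block the commit) on any critical finding, else 0."""
    return 1 if any(f.severity == "critical" for f in findings) else 0


# Constructed sample input used to exercise the rules offline.
SAMPLE = '''\
API_KEY = "sk_live_constructed_example_value"
query = "SELECT * FROM users WHERE id = " + user_id
try:
    risky()
except Exception:
    pass
print("login for", user, "password:", password)
'''


def main() -> None:
    all_findings: list[Finding] = []
    for path in staged_files():
        if path.endswith(SCANNED_SUFFIXES):
            all_findings.extend(scan_text(path, staged_content(path)))
    for f in all_findings:
        print(f"{f.severity.upper():8} {f.path}:{f.line} [{f.rule}] {f.snippet}")
    sys.exit(verdict(all_findings))


if __name__ == "__main__":
    main()
```

Save it as `.git/hooks/pre-commit` and make it executable. Reading the index (`git show :path`) rather than the working tree is what keeps the "scan before commit" promise, because only the staged content lands in history. Regex heuristics are deliberately cheap and will produce false positives (the `subprocess` rule would flag many legitimate lines), so treat a gate like this as a fast first check in front of a deeper review such as the skill described in the post, not as a replacement for it.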

Installation

# Clone the repository
git clone https://github.com/Camof1ow/vibe-guardian.git

# Copy to Claude Code skills folder
cp -r vibe-guardian ~/.claude/skills/

Usage

/vibe-guardian              # Scan current file
/vibe-guardian --full       # Scan entire project
/vibe-guardian --fix        # Get fix suggestions
/vibe-guardian path/to/file # Scan specific file

Sample Report

╔═══════════════════════════════════════════════════════════════╗
║              🛡️ Vibe-Guardian Security Report                 ║
╠═══════════════════════════════════════════════════════════════╣
║ Files Scanned: 12     Lines: 1,847     Duration: 2.3s        ║
╠═══════════════════════════════════════════════════════════════╣
║ 🔴 Critical: 3  │  🟡 Warning: 7  │  🟢 Info: 12             ║
╠═══════════════════════════════════════════════════════════════╣
║ 📊 Security Score: 72/100                                     ║
╚═══════════════════════════════════════════════════════════════╝

Why I Built It

I built this entirely using Claude Code - Anthropic's CLI tool for coding. The entire development process was a collaboration with Claude.

Features

  • ✅ Runs locally (no internet required, your code stays private)
  • ✅ Supports JavaScript, TypeScript, Python, Java, Go
  • ✅ 100% Free & Open Source (MIT License)
  • ✅ Detailed reports with fix suggestions
  • ✅ Edge case generation

Feedback Welcome!

This is my first open source security tool, so I'd love to hear your feedback. Feel free to:

  • ⭐ Star the repo if you find it useful
  • 🐛 Report any issues
  • 💡 Suggest new features
  • 🤝 Contribute!

Thanks for reading! Let me know what you think in the comments.
