I Built a Pre-commit Security Scanner with Claude Code

Caleb Jeon — Tue, 17 Feb 2026 07:14:17 +0000

Hey DEV community! 👋

I recently built vibe-guardian, a Claude Code skill that scans your code for security vulnerabilities before you commit.

The Problem

Most security scanners check your code after you've already pushed to GitHub. But here's the issue - even if you fix the vulnerability later, the original vulnerable code stays in your Git history forever. Anyone with repo access can see it.

The Solution: Scan Before Commit

Traditional Flow (Risky):
Code → Commit → Push → [SCAN] → Fix
                      ↑
               Already too late. Vulnerability in Git history.

Vibe-Guardian Flow (Safe):
Code → [SCAN] → Fix → Commit → Push
        ↑
   Catch it here. Git history stays clean.

What is vibe-guardian?

A Claude Code skill that automatically scans AI-generated code for security vulnerabilities and quality issues. Essential for the Vibe Coding era.

🔴 Critical Issues Detected

SQL Injection, NoSQL Injection, Command Injection
XSS (Reflected, Stored, DOM-based)
Hardcoded Secrets (API Keys, Passwords, JWT Secrets)
Authentication/Authorization Bypass
Path Traversal

🟡 Warning Level Issues

Missing Input Validation
Poor Error Handling (empty catch, exposed errors)
Sensitive Logging (PII in logs)
CORS Misconfiguration
Performance Issues (N+1 queries, memory leaks)

Installation

# Clone the repository
git clone https://github.com/Camof1ow/vibe-guardian.git

# Copy to Claude Code skills folder
cp -r vibe-guardian ~/.claude/skills/

Usage

/vibe-guardian              # Scan current file
/vibe-guardian --full       # Scan entire project
/vibe-guardian --fix        # Get fix suggestions
/vibe-guardian path/to/file # Scan specific file

Sample Report

╔═══════════════════════════════════════════════════════════════╗
║              🛡️ Vibe-Guardian Security Report                 ║
╠═══════════════════════════════════════════════════════════════╣
║ Files Scanned: 12     Lines: 1,847     Duration: 2.3s        ║
╠═══════════════════════════════════════════════════════════════╣
║ 🔴 Critical: 3  │  🟡 Warning: 7  │  🟢 Info: 12             ║
╠═══════════════════════════════════════════════════════════════╣
║ 📊 Security Score: 72/100                                     ║
╚═══════════════════════════════════════════════════════════════╝

Why I Built It

I built this entirely using Claude Code - Anthropic's CLI tool for coding. The entire development process was a collaboration with Claude.

Features

✅ Runs locally (no internet required, your code stays private)
✅ Supports JavaScript, TypeScript, Python, Java, Go
✅ 100% Free & Open Source (MIT License)
✅ Detailed reports with fix suggestions
✅ Edge case generation

Feedback Welcome!

This is my first open source security tool, so I'd love to hear your feedback. Feel free to:

⭐ Star the repo if you find it useful
🐛 Report any issues
💡 Suggest new features
🤝 Contribute!

Thanks for reading! Let me know what you think in the comments.

DEV Community: Caleb Jeon