User guide

How to use VibeSafe — from sign-up to your first fix

VibeSafe scans AI-built apps for exposed keys, security flaws, bugs, and risky code — and explains every fix in plain English. This guide walks you through the whole journey with screenshots. Total time: about 5 minutes.

In this guide
1. What VibeSafe does 2. Create an account 3. Run your first scan 4. Understand your results 5. Copy or apply fixes 6. Use the VS Code extension 7. Scan history & reports 8. Run a Launch Check 9. Plans and limits 10. Troubleshooting

1What VibeSafe does

Tools like Lovable, Bolt, Cursor, and Replit build apps fast — but the code they generate often ships with exposed API keys, open databases, and unsafe logic. VibeSafe checks your code for these risks in about ten seconds and tells you exactly what to fix and how, without security jargon. Your code is never stored.

VibeSafe homepage

vibesafe.info — start with the "Start free scan" button

2Create an account

  1. Go to vibesafe.info and click Start free scan
  2. Sign up with Google, GitHub, or email — no credit card needed
  3. You land in your dashboard with 3 free scans every month
VibeSafe sign up and login page

Sign in with Google, GitHub, or email

3Run your first scan

The dashboard gives you four ways to scan, in the left sidebar:

VibeSafe dashboard with scan options

The dashboard — pick a scan type from the sidebar

Paste your code, pick the language (or let it auto-detect), and hit ▶ Run scan. Results arrive in about ten seconds.

Pasting code into the VibeSafe editor

Paste code and click Run scan

4Understand your results

Every scan produces a security score out of 100 and a list of issues sorted by severity:

VibeSafe scan results with security score

The score gauge, verdict, and issue counts

If critical issues are found, a summary pops up explaining why your score is low — each flaw, where it is, and what an attacker could do with it:

Why your score is low popup listing critical flaws

The post-scan summary of critical flaws

Click any issue to expand it. You get a plain-English explanation, the exact line, and a before/after fix:

Expanded issue with before and after fix

Every issue shows the problem line and the fixed version

5Copy or apply fixes

💡 Tip: the copy-fixes prompt works with any AI coding tool — Cursor, Lovable, Bolt, Replit, or ChatGPT. It lists each problem, the exact replacement, and why.

New to these terms? The Security Issues Explained page breaks down every issue VibeSafe finds — exposed keys, SQL injection, RLS, CSP, and more — in plain English with a before/after fix for each.

6Use the VS Code extension

Scan without leaving your editor — works in VS Code and Cursor.

  1. Open the Extensions panel (Ctrl+Shift+X), search VibeSafe, and install "VibeSafe - Security Scanner" by vibesafe-info
  2. Connect in one click: open your connect page, sign in, and it links your editor automatically — no keys to copy
  3. Open any file and press Ctrl+Shift+V (or click the 🛡 VibeSafe button in the status bar) to scan
  4. After each scan you get your score, the issues panel, and one-click Copy fixes
One-click editor connect page

The one-click connect page — sign in and your editor is linked

Also: use VibeSafe inside Claude & Cursor (MCP)

VibeSafe has an MCP server, so you can scan right inside an AI chat — just ask "scan this file with VibeSafe" and it runs. It works in Claude Desktop, Cursor, and any MCP client, exposing three tools: scan code, scan a live website, and run a Launch Check.

  1. Get a free API key: dashboard → API keys → Generate
  2. Add VibeSafe to your client's MCP config (full copy-paste setup in the MCP server README):
{ "mcpServers": { "vibesafe": { "command": "npx", "args": ["-y", "vibesafe-mcp"], "env": { "VIBESAFE_API_KEY": "vibesafe_sk_your_key" } } } }

Also: scan from the command line (CLI)

Prefer the terminal? The VibeSafe CLI scans a whole file or folder in seconds and prints each issue with a one-line fix. It exits with an error when critical issues are found, so it slots straight into a pre-commit hook or CI step.

  1. Get a free API key: dashboard → API keys → Generate
  2. Set it as VIBESAFE_API_KEY, then run:
npx vibesafe-scan ./src

Full options are in the CLI README.

Also: run VibeSafe in your CI/CD (GitHub Action)

To catch issues automatically, add the VibeSafe Vulnerability Scanner GitHub Action. It scans on every push or pull request and fails the build if critical issues are found, so risky code never reaches production.

  1. Store a free API key as a repository secret named VIBESAFE_API_KEY
  2. Add the action from the GitHub Marketplace to your workflow file

7Scan history & reports

Every scan is saved to Scan history in the sidebar — score, issue count, and date — so you can track progress as you fix things. Use Export PDF on any result to download a clean, branded security report you can share with clients, co-founders, or investors.

8Run a Launch Check 🚀

New: before you share your app with users, clients, or investors, let VibeSafe test it like a real person. Launch Check opens your deployed app in a real browser, clicks through pages, captures screenshots and errors, and gives you a launch-readiness score.

  1. Dashboard → 🚀 Launch Check in the sidebar
  2. Paste your app's URL (e.g. https://yourapp.vercel.app)
  3. Optionally describe what should work — e.g. "landing page and pricing"
  4. Click Test my app and wait about 30 seconds

The report shows your score out of 100, the pages it visited with load times, what worked, what needs fixing (with severity and a suggested fix for each), screenshots, and any console or network errors it caught. Fix the issues, hit 🔄 Retest, and watch your score climb.

🔒 Safe by design: Launch Check only looks — it never submits forms or clicks destructive buttons on your live app. Free plan includes 1 check per month; Pro and Team get unlimited.

9Plans and limits

VibeSafe pricing plans

Plans — start free, upgrade when you're shipping

10Troubleshooting

"Not connected yet" in the extension
Click Connect VibeSafe in the prompt, or run Ctrl+Shift+PVibeSafe: Connect. Sign in on the page that opens and your editor links automatically.
"Invalid API key"
Your key was revoked or mistyped. Dashboard → API keys → Generate new key → Connect VS Code. Keys always start with vibesafe_sk_.
"Scan failed" or no result
Usually a very large file or a momentary outage. Try a smaller portion of code, wait a minute, and scan again. If it keeps failing, contact us from the dashboard.
Results not showing after scan
Hard-refresh the page (Ctrl+Shift+R) — your browser may be holding an old version of the dashboard.
"You have used all 3 free scans this month"
Free scans reset on the 1st of each month — or upgrade to Pro for unlimited scans (there's usually a founding-member discount inside the app).
Run your first scan free →

3 free scans every month · No credit card · Your code is never stored