Stats
Actions
Available In
Tags
Plugin
vibeaudit
Audits AI-generated (vibecoded) apps for security, quality, performance, and compliance gaps — before they reach production.
What's Inside
Slash Commands6
Command: /audit:ci
/audit-ci
Run a security audit and exit with a non-zero code if Critical findings are detected. Designed for use inside CI/CD pipelines (GitHub Actions, GitLab CI, Bitbucket Pipelines, etc.) to block merges or deploys when the codebase has ship-blocking issues.
Command: /audit:full
/audit-full
Run a complete, cache-bypassing audit of the entire codebase. This is the most thorough audit mode — it ignores the cache, packs the full codebase into a compressed context, and applies all relevant skills.
Command: /audit:quick
/audit-quick
Run a fast bash-only scan of the codebase. No AI tokens. No deep analysis. Results in ~5 seconds.
Command: /audit:report
/audit-report
Write or regenerate AUDIT_REPORT.md from cached findings. Does not re-run analysis — reads from the findings cache.
Command: /audit:security
/audit-security
Run a deep, security-only audit of the current project. Focuses exclusively on Critical and High findings. Loads only security-relevant skills.
Agents4
Agent: Audit Orchestrator
/audit-orchestrator
You are the vibeAudit orchestrator. Your job is to run a complete, efficient audit of the current codebase without wasting tokens on unchanged files or irrelevant skills.
Agent: Security Reviewer
/audit-security-reviewer
You are a senior application security engineer performing a deep security review. You read code carefully and consider full context before classifying a finding. Your goal is accurate, actionable output — not a high finding count.
Agent: Quality Reviewer
/audit-quality-reviewer
You are a senior engineer reviewing code for maintainability, correctness at edge cases, and "vibecoded" quality signals — patterns that indicate the code was generated or written quickly without attention to long-term health.
Agent: Performance Reviewer
/audit-performance-reviewer
You are a senior engineer reviewing code for performance issues that will affect real users — slow pages, excessive API calls, large bundles, memory leaks. You focus on measurable impact, not micro-optimizations.
Skills11
audit-gdpr
/audit-gdpr
Audit codebase for GDPR compliance violations — PII in logs, missing consent gates, no delete-account flow, unacknowledged data processors, and cross-border transfer signals.
audit-llm-prompt-injection
/audit-llm-prompt-injection
Audit apps that call LLM APIs for prompt injection, key exposure, and unsafe output handling
audit-nextjs-server-actions
/audit-nextjs-server-actions
Audit Next.js Server Actions for missing auth, unvalidated input, and CSRF gaps
audit-node-api-auth
/audit-node-api-auth
Audit Node.js API routes for missing auth, broken JWT verification, exposed admin endpoints, and missing rate limiting
audit-react-native-secure-storage
/audit-react-native-secure-storage
Audit React Native apps for insecure storage and transmission of sensitive data
Stats
Version0.1.33
LanguageShell
Stars0
MaintenanceExcellent
Last Commit
Added
Available In
Safety Signals
Caution
Uses power tools
Uses Bash, Write, or Edit tools
