Analysis updated 2026-05-18
Run a single command to scan a vibe-coded app for secrets, vulnerable dependencies, and misconfigurations before launch.
Get an honest security report that flags coverage gaps instead of a false all-clear.
Audit Postgres or Supabase database migrations for missing Row Level Security rules.
Use pre-built RLS policy templates to lock down a Supabase data API.
| akshayramabhat/claude-security-kit | saiprajoth/timescaledb-lab | intelligent-internet/psql_bm25s | |
|---|---|---|---|
| Stars | 0 | 1 | 127 |
| Language | PLpgSQL | PLpgSQL | PLpgSQL |
| Setup difficulty | — | moderate | moderate |
| Complexity | 2/5 | 3/5 | 4/5 |
| Audience | developer | developer | developer |
Figures from each repo's GitHub metadata at analysis time.
This project is a security toolkit built as a plugin for Claude Code, the AI coding assistant. Its main feature is a single command, security-scan, that runs a whole set of well known open source security scanners over your codebase at once, then combines their results into one prioritized, easy to read report instead of a wall of raw scanner output. It is aimed at people who built an app quickly, sometimes with the help of AI tools, and want to check it for problems before putting it in front of real users. The scan covers five areas: secrets accidentally left in code, code level security bugs, known vulnerabilities in your dependencies, misconfigurations in containers and infrastructure files, and packages that might be malicious or impersonating a real one. On its first run, the tool checks which of the underlying scanners are already installed on your machine and offers to install the missing ones using whatever package manager you already have, but only after you confirm, and it shows you exactly what commands it would run first. A notable design choice is honesty about coverage. If some scanners were not installed and got skipped, the generated report says so clearly and does not claim the repository is clean. It lists what ran, what did not, and what remains unchecked, so you are not given a false sense of security. Beyond the general scanner, the kit includes a separate feature for reviewing Postgres and Supabase database security, specifically Row Level Security rules that control who can see or change which rows of data. It includes an automated reviewer agent that checks database migration files for missing or broken security rules, along with copyable rule templates and a guide explaining common ways this kind of protection quietly fails. The project itself is released under the MIT license, though the individual scanners it wraps keep their own separate licenses.
A Claude Code plugin that runs multiple open-source security scanners in one command and produces an honest, prioritized report.
Mainly PLpgSQL. The stack also includes PLpgSQL, Claude Code, Postgres.
Use freely for any purpose, including commercial use, as long as you keep the copyright notice.
Mainly developer.
This repo across BitVibe Labs
Verify against the repo before relying on details.