REPOGEO REPORT · LITE

safeboundai/vibe-scanner

Default branch main · commit dfda19d0 · scanned 6/28/2026, 3:38:01 PM

GitHub: 502 stars · 62 forks

AI VISIBILITY SCORE

23 /100

Critical

Category recall

0 / 2

Not recommended in any query

Rule findings

1 pass · 0 warn · 1 fail

Objective metadata checks

AI knows your name

2 / 3

Direct prompts that named your repo

HOW TO READ THIS REPORT

Action plan is what to do next — copy-pasteable changes prioritized by impact. Category visibility is the real GEO test: when a user asks an AI a brand-free question that should surface safeboundai/vibe-scanner, does the AI actually recommend you — or your competitors? Objective checks verify the metadata signals AI engines weight first. Self-mention check detects whether AI even knows you exist by name.

Action plan — copy-paste fixes

2 prioritized changes generated by gemini-2.5-flash. Mark items done after you ship the fix.

OVERALL DIRECTION

highabout#1

Add a concise description to the repository's About section

Why:

COPY-PASTE FIX

Discovers and assesses shadow apps (internal tools on AI/no-code builders, serverless hosts, ML platforms) for enterprise red teams, identifying exposed auth, secrets, and vulnerabilities.

highreadme#2

Reposition the README's opening paragraph to clarify 'vibe-coded shadow apps'

Why:

CURRENT

Discovers and assesses **vibe-coded shadow apps** — internal tools deployed by employees, without IT review, on AI/no-code builders (Lovable, Replit, Base44), JAMstack/serverless hosts (Netlify, Vercel, Cloudflare Pages, Fly.io, Firebase Hosting), ML demo platforms (Hugging Face Spaces, Streamlit Cloud), and quick-prototype platforms (Glitch). Given a single target domain (e.g. `example.com`), it enumerates apps belonging to that organization across all 11 platforms, then probes each app for exposed authentication, hardcoded secrets, Supabase RLS-bypass conditions (CVE-2025-48757), and sensitive data classes.

COPY-PASTE FIX

Discovers and assesses **shadow apps** (internal tools deployed by employees without IT review on AI/no-code builders, serverless hosts, ML platforms, etc.) for security risks. It identifies these 'vibe-coded' applications across 11 platforms, then probes each for exposed authentication, hardcoded secrets, Supabase RLS-bypass conditions (CVE-2025-48757), and sensitive data classes.

Category GEO backends resolved for this scan: google/gemini-2.5-flash, deepseek/deepseek-v4-flash

Category visibility — the real GEO test

Brand-free queries asked to google/gemini-2.5-flash. Did AI recommend you, or someone else?

Same questions for every model — switch tabs to compare answers and rankings.

Recall

0 / 2

0% of queries surface safeboundai/vibe-scanner

Avg rank

—

Lower is better. #1 = top recommendation.

Share of voice

Of all named tools, what % are you?

Top rival

Wiz

Recommended in 1 of 2 queries

COMPETITOR LEADERBOARD

Wiz · recommended 1×
Orca Security · recommended 1×
prowler-cloud/prowler · recommended 1×
nccgroup/ScoutSuite · recommended 1×
cloud-custodian/cloud-custodian · recommended 1×

CATEGORY QUERY
What tools help red teams discover unmanaged applications and security risks across cloud platforms?
you: not recommended
AI recommended (in order):
1. Wiz
2. Orca Security
3. Prowler (prowler-cloud/prowler)
4. ScoutSuite (nccgroup/ScoutSuite)
5. Cloud Custodian (cloud-custodian/cloud-custodian)
6. Microsoft Defender for Cloud
7. Google Cloud Security Command Center
AI recommended 7 alternatives but never named safeboundai/vibe-scanner. This is the gap to close.
Show full AI answer
CATEGORY QUERY
How to scan internal low-code and serverless deployments for exposed secrets and auth?
you: not recommended
AI recommended (in order):
1. SpectralOps
2. GitGuardian Internal Monitoring
3. TruffleHog (trufflesecurity/trufflehog)
4. AWS Macie
5. Google Cloud DLP
6. Semgrep (semgrep/semgrep)
7. Checkov (bridgecrewio/checkov)
AI recommended 7 alternatives but never named safeboundai/vibe-scanner. This is the gap to close.
Show full AI answer

Objective checks

Rule-based audits of metadata signals AI engines weight most.

Metadata completeness
fail
Suggestion:
README presence
pass

Self-mention check

Does AI even know your repo exists when asked about it directly?

Compared to common alternatives in this category, what is the core differentiator of safeboundai/vibe-scanner?
pass
AI named safeboundai/vibe-scanner explicitly
AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?
If a team adopts safeboundai/vibe-scanner in production, what risks or prerequisites should they evaluate first?
pass
AI named safeboundai/vibe-scanner explicitly
AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?
In one sentence, what problem does the repo safeboundai/vibe-scanner solve, and who is the primary audience?
pass
AI did not name safeboundai/vibe-scanner — likely talking about a different project
AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?

Embed your GEO score

Drop this badge into the README of safeboundai/vibe-scanner. It auto-updates whenever the report is rescanned and links back to the latest report — easy public proof that you care about AI discoverability.

Live preview

MARKDOWN (README)

[![RepoGEO](https://repogeo.com/badge/safeboundai/vibe-scanner.svg)](https://repogeo.com/en/r/safeboundai/vibe-scanner)

HTML

<a href="https://repogeo.com/en/r/safeboundai/vibe-scanner"><img src="https://repogeo.com/badge/safeboundai/vibe-scanner.svg" alt="RepoGEO" /></a>

Pro

Subscribe to Pro for deep diagnoses

safeboundai/vibe-scanner — Lite scans stay free; this card itemizes Pro deep limits vs Lite.

Deep reports10 / month
Brand-free category queries5 vs 2 in Lite
Prioritized action items8 vs 3 in Lite