REPOGEO 报告 · LITE
safeboundai/vibe-scanner
默认分支 main · commit dfda19d0 · 扫描时间 2026/6/28 15:38:01
星标 502 · Fork 62
行动计划告诉你下一步要做什么——按影响力排序、可直接复制粘贴的修改。品类可见性是真正的 GEO 测试:当用户向 AI 提一个不带品牌、本应让 safeboundai/vibe-scanner 浮出水面的问题时,AI 是真的推荐了你,还是推荐了你的竞品?客观检查验证 AI 引擎最先权衡的那些元数据信号。自指检查判断 AI 是否还认识你的名字。
行动计划 — 可复制粘贴的修复
2 条由 gemini-2.5-flash 生成、按优先级排序的修改。修完后请把对应条目标记为完成。
- highabout#1Add a concise description to the repository's About section
原因:
复制粘贴的修复Discovers and assesses shadow apps (internal tools on AI/no-code builders, serverless hosts, ML platforms) for enterprise red teams, identifying exposed auth, secrets, and vulnerabilities.
- highreadme#2Reposition the README's opening paragraph to clarify 'vibe-coded shadow apps'
原因:
当前Discovers and assesses **vibe-coded shadow apps** — internal tools deployed by employees, without IT review, on AI/no-code builders (Lovable, Replit, Base44), JAMstack/serverless hosts (Netlify, Vercel, Cloudflare Pages, Fly.io, Firebase Hosting), ML demo platforms (Hugging Face Spaces, Streamlit Cloud), and quick-prototype platforms (Glitch). Given a single target domain (e.g. `example.com`), it enumerates apps belonging to that organization across all 11 platforms, then probes each app for exposed authentication, hardcoded secrets, Supabase RLS-bypass conditions (CVE-2025-48757), and sensitive data classes.
复制粘贴的修复Discovers and assesses **shadow apps** (internal tools deployed by employees without IT review on AI/no-code builders, serverless hosts, ML platforms, etc.) for security risks. It identifies these 'vibe-coded' applications across 11 platforms, then probes each for exposed authentication, hardcoded secrets, Supabase RLS-bypass conditions (CVE-2025-48757), and sensitive data classes.
本次扫描解析到的品类 GEO 通道:google/gemini-2.5-flash, deepseek/deepseek-v4-flash
品类可见性 — 真正的 GEO 测试
向 google/gemini-2.5-flash 提出的不带品牌问题。AI 推荐了你,还是推荐了别人?
各模型使用同一组问题 — 切换标签对比回答与排名。
- Wiz · 被推荐 1 次
- Orca Security · 被推荐 1 次
- prowler-cloud/prowler · 被推荐 1 次
- nccgroup/ScoutSuite · 被推荐 1 次
- cloud-custodian/cloud-custodian · 被推荐 1 次
- 品类问题What tools help red teams discover unmanaged applications and security risks across cloud platforms?你:未被推荐AI 推荐顺序:
- Wiz
- Orca Security
- Prowler (prowler-cloud/prowler)
- ScoutSuite (nccgroup/ScoutSuite)
- Cloud Custodian (cloud-custodian/cloud-custodian)
- Microsoft Defender for Cloud
- Google Cloud Security Command Center
AI 推荐了 7 个替代方案,却始终没点名 safeboundai/vibe-scanner。这就是要补上的差距。
查看 AI 完整回答
- 品类问题How to scan internal low-code and serverless deployments for exposed secrets and auth?你:未被推荐AI 推荐顺序:
- SpectralOps
- GitGuardian Internal Monitoring
- TruffleHog (trufflesecurity/trufflehog)
- AWS Macie
- Google Cloud DLP
- Semgrep (semgrep/semgrep)
- Checkov (bridgecrewio/checkov)
AI 推荐了 7 个替代方案,却始终没点名 safeboundai/vibe-scanner。这就是要补上的差距。
查看 AI 完整回答
客观检查
针对 AI 引擎最看重的元数据信号的规则审计。
- Metadata completenessfail
建议:
- README presencepass
自指检查
当被直接问到你时,AI 是否还知道你的仓库存在?
- Compared to common alternatives in this category, what is the core differentiator of safeboundai/vibe-scanner?passAI 明确点名了 safeboundai/vibe-scanner
AI 的回答可能信誓旦旦却是错的。请按事实核对:技术栈、目标人群、差异化点是不是和你实际的对得上?
- If a team adopts safeboundai/vibe-scanner in production, what risks or prerequisites should they evaluate first?passAI 明确点名了 safeboundai/vibe-scanner
AI 的回答可能信誓旦旦却是错的。请按事实核对:技术栈、目标人群、差异化点是不是和你实际的对得上?
- In one sentence, what problem does the repo safeboundai/vibe-scanner solve, and who is the primary audience?passAI 未点名 safeboundai/vibe-scanner —— 很可能在说另一个项目
AI 的回答可能信誓旦旦却是错的。请按事实核对:技术栈、目标人群、差异化点是不是和你实际的对得上?
嵌入你的 GEO 徽章
把这个徽章贴进 safeboundai/vibe-scanner 的 README。每次重新扫描都会自动更新,并跳到最新报告——是「我在乎 AI 可发现性」最简单的公开证明。
实时预览[](https://repogeo.com/zh/r/safeboundai/vibe-scanner)<a href="https://repogeo.com/zh/r/safeboundai/vibe-scanner"><img src="https://repogeo.com/badge/safeboundai/vibe-scanner.svg" alt="RepoGEO" /></a>订阅 Pro,解锁深度诊断
safeboundai/vibe-scanner — 轻量扫描仍免费;本卡列出 Pro 相对轻量的深度额度。
- 深度报告每月 10 次
- 无品牌品类查询5,轻量 2
- 优先行动项8,轻量 3