Jaconir
Security Sanity Check for AI-Generated Apps

Is Your Vibe-Coded App Actually Secure?

Cursor, Lovable, and Bolt ship apps fast — but skip the security basics. Scan for exposed secrets, open debug routes, missing headers, infrastructure leaks, and more in 10 seconds.

  • 23 secret patterns
  • /.env & /.git checks
  • HTTP headers + CORS
  • Rate limit detection
  • AI fix prompts

Passive analysis only — no active exploits. Only scan sites you own or have permission to test.

Built for AI-Generated Apps

Cursor, Lovable, and Bolt ship fast but skip security basics. This tool catches the exact mistakes AI codegen misses.

10-Second Full Scan

Client-side HTML analysis + server-side header scan + infrastructure probes — all in parallel, done in seconds.

AI Fix Prompts Included

Every finding has a prompt you paste into Cursor or ChatGPT. The AI makes the exact code changes — no security knowledge needed.

What gets checked

The security mistakes AI-generated apps make most often — automated in one scan.

Secrets & Credentials

  • 23 API key patterns: AWS, Stripe, OpenAI, Anthropic, Firebase, Supabase, GitHub, Shopify
  • Hardcoded passwords and private key blocks
  • Database connection strings
  • JWT tokens in source
  • Internal IPs and debug stack traces

Infrastructure Exposure

  • /.env, /.env.local, /.env.production files
  • /.git/config and /.git/HEAD (full source leak)
  • backup.sql, dump.sql, backup.zip files
  • /api/debug, /api/admin, /admin routes
  • Directory listing and phpinfo.php detection

Code & API Risks

  • eval(), innerHTML, document.write() patterns
  • CORS wildcard (Access-Control-Allow-Origin: *)
  • Rate limiting header detection
  • Mixed HTTP content on HTTPS pages
  • Cookie security flags (HttpOnly, Secure, SameSite)

Headers & Dependencies

  • HSTS, X-Frame-Options, X-Content-Type-Options
  • CSP, Referrer-Policy, Permissions-Policy
  • Server technology leakage (X-Powered-By, Server)
  • SRI on external CDN scripts and stylesheets
  • 6 library CVEs: jQuery, Bootstrap, Lodash, Angular 1.x, Axios
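As an added example of the header, CORS and cookie-flag checks listed above (this is not Jaconir's own scanner code), the following Python runs a passive review over two constructed responses: one as an AI-generated app often ships it, and one after the fixes are applied. The hardened header values are assumed sensible defaults, not the tool's recommendations.

```python
# Added example (not Jaconir's scanner code): passive review of one response's
# headers and cookie flags. Both sample responses below are constructed.
REQUIRED_HEADERS = (
    "Strict-Transport-Security", "X-Frame-Options", "X-Content-Type-Options",
    "Content-Security-Policy", "Referrer-Policy", "Permissions-Policy",
)
LEAKY_HEADERS = ("Server", "X-Powered-By")
COOKIE_FLAGS = ("HttpOnly", "Secure", "SameSite")

def missing_cookie_flags(set_cookie: str) -> list:
    """Return the security flags absent from one Set-Cookie header value."""
    attrs = {p.strip().split("=", 1)[0].lower() for p in set_cookie.split(";")[1:]}
    return [flag for flag in COOKIE_FLAGS if flag.lower() not in attrs]

def review_response(headers: dict) -> list:
    """Passive check of one HTTPS response; returns (severity, finding) tuples."""
    h = {name.lower(): value for name, value in headers.items()}
    findings = []
    if h.get("access-control-allow-origin") == "*":
        findings.append(("High", "CORS wildcard: Access-Control-Allow-Origin: *"))
    for name in REQUIRED_HEADERS:
        if name.lower() not in h:
            findings.append(("Medium", f"Missing header: {name}"))
    if "set-cookie" in h:
        for flag in missing_cookie_flags(h["set-cookie"]):
            findings.append(("Medium", f"Cookie set without {flag}"))
    for name in LEAKY_HEADERS:
        if name.lower() in h:
            findings.append(("Low", f"Technology leak: {name}: {h[name.lower()]}"))
    return findings

# Constructed: what a freshly generated Express-style app often returns.
WEAK_RESPONSE = {
    "Server": "Express",
    "X-Powered-By": "Express",
    "Access-Control-Allow-Origin": "*",
    "Set-Cookie": "session=abc123; Path=/",
}
# Constructed: the same response after applying the fixes the findings call for.
HARDENED_RESPONSE = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=()",
    "Access-Control-Allow-Origin": "https://app.example.com",
    "Set-Cookie": "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
}
```

Calling `review_response(WEAK_RESPONSE)` yields twelve findings, led by the CORS wildcard; the hardened response yields none.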

Secure Cloud Hosting

Host your apps on trusted, high-security infrastructure. Get $200 credit to start today.

DigitalOcean: Build Securely (Ad)

Sponsored Feature

Support Jaconir Lab by using our partner links. We only recommend tools that improve your engineering workflow.

Launch securely in 3 steps

Takes under 5 minutes. Works for any AI-generated app before launch.

  1. Paste your URL and scan

     Enter your Lovable, Bolt, or v0 app URL. The scan runs in about 10 seconds.

  2. Review findings by severity

     Start with Critical (fix immediately), then High, then Medium. Each finding explains exactly what the risk is.

  3. Copy AI Fix Prompt → paste into Cursor

     Click the prompt button on any finding, paste into your AI tool, and the fix is done. Re-scan to verify.

Security sorted? Now check your SEO.

Audit meta tags, headings, Open Graph, and keyword consistency.

SEO Audit Tool