Catch production bugs, security holes, and AI blind spots before you push.
curl -fsSL https://raw.githubusercontent.com/codecoincognition/vibe-guard-skills/main/install.sh | bash
vibe-guard-skills is a set of Claude Code skills that audits your code before you commit or push. It runs three sequential passes, each targeting a different class of problem: production resilience, security, and comprehension. The entire audit runs inside your local Claude Code session — no code leaves your machine and no external API calls are made beyond your existing Claude Code subscription.
The three skills are /vibe-check, which detects production resilience failures such as N+1 queries, missing error handling, null edge cases, resource leaks, and scale problems; /vibe-secure, which identifies security vulnerabilities including hardcoded secrets, injection surfaces, missing authentication, and insecure defaults; and /vibe-explain, which maps cognitive debt — opaque code blocks, magic numbers, hidden assumptions, and implicit contracts that make code hard to safely modify.
Unlike static analysis tools, vibe-guard-skills uses Claude's reasoning to detect semantic issues that require understanding intent. It catches logic bugs, security holes, and comprehension problems that linters structurally cannot find. It is designed to run as part of a pre-push workflow — either manually invoked or via the optional git hook that blocks pushes when critical issues are found.
Detects N+1 queries, missing error handling, null edge cases, resource leaks, and scale failures before they reach production. Run with /vibe-check.
Finds hardcoded secrets, SQL and command injection surfaces, path traversal, missing auth checks, and supply chain risks that standard linters miss. Run with /vibe-secure.
Flags opaque code, magic numbers, and hidden assumptions that create cognitive debt. Helps future maintainers — including yourself — modify code safely. Run with /vibe-explain.
Use --quick for rapid mid-edit checks, --full for comprehensive repository scans. Optional pre-push git hook blocks pushes when critical findings are present.
Run the one-line install script. Skills are deployed to ~/.claude/skills/ for global use or .claude/skills/ for project-specific use. No restart required.
Open Claude Code in your project. Run /vibe-check, /vibe-secure, or /vibe-explain individually, or /vibe-guard to run all three in sequence.
Claude audits your uncommitted changes by default, or the full repository with --full. It returns a categorized report of issues with severity levels and suggested fixes.
Fix flagged issues before committing. Optionally enable the pre-push git hook, which blocks pushes automatically when critical findings are present.
vibe-guard-skills is a set of Claude Code skills that audits your code before you push. It runs three sequential passes: /vibe-check detects production resilience issues, /vibe-secure identifies security vulnerabilities, and /vibe-explain surfaces cognitive debt. It runs entirely within your Claude Code session with no external API calls and no code leaving your machine.
Run this command in your terminal: curl -fsSL https://raw.githubusercontent.com/codecoincognition/vibe-guard-skills/main/install.sh | bash. This installs the skills to ~/.claude/skills/ for global use or .claude/skills/ for project-specific use. No restart required.
/vibe-check audits for production resilience issues including N+1 database queries, missing error handling, null and undefined edge cases, resource leaks, scale failures under load, and data integrity problems that could cause incidents in production.
/vibe-secure scans for security vulnerabilities including hardcoded secrets and API keys, SQL and command injection surfaces, path traversal vulnerabilities, missing authentication and authorization checks, insecure default configurations, and supply chain risks in dependencies.
/vibe-explain identifies cognitive debt: opaque code blocks that are hard to understand, magic numbers with no context, hidden assumptions that are not documented, and implicit contracts between components. It helps future maintainers — including yourself — safely modify code without breaking things.
No. vibe-guard-skills runs entirely within your local Claude Code session. No external API calls are made beyond your existing Claude Code subscription, and no code leaves your machine.
A linter checks syntax and style rules through static analysis. vibe-guard-skills uses Claude's reasoning to detect semantic issues — logic bugs, security holes, and comprehension problems that require understanding intent, not just pattern matching. It catches things ESLint, Pylint, and similar tools structurally cannot.