AINAScan detects 33 security vulnerabilities + 15 vibe-coding patterns in AI-generated code β deterministic AST, no LLM, always the same result.
vg_free_test for full Pro access β no signup required.
# Try it in 30 seconds curl -X POST https://pleasing-transformation-production-90c2.up.railway.app/v1/scan \ -H "X-API-Key: vg_free_test" \ -F "file=@your_file.py"
AI generates save_user(data) that validates input but never runs INSERT or UPDATE.
async def fetch(): that never awaits β runs synchronously, blocking the event loop.
Functions that just return {} or return None with no real logic.
Calls 3 external services, discards all results, returns a constant.
40-key hardcoded dictionary where a DB query belongs.
Plus 33 standard security patterns across 9 languages.
| AINAScan | Bandit | Semgrep | CodeRabbit | |
|---|---|---|---|---|
| Vibe-coding patterns (15) | β Dedicated | β | β | β |
| Deterministic AST | β | β | β | β LLM |
| No code storage | β | β | β | β |
| 9 languages | β | β Python only | β | β |
| GitHub Action | β | β | β | β |
| Free tier | β 50 files/day | β | limited | β |
# .github/workflows/vibeguard.yml name: VibeGuard Security Scan on: [pull_request] jobs: scan: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - uses: Moonsehwan/aina-vibeguard-action@v1 with: api-key: \${{ secrets.VIBEGUARD_KEY }} fail-on-block: 'true'