Free checks, straight from the agent
Instant checks for the gaps AI builders leave behind. No signup, no code access — just paste your URL and talk to the agent.
Supabase exposure checker
The Supabase service_role key bypasses every security policy. If it reaches the browser bundle — common in AI-built apps — anyone can read and write your entire database. Missing Row-Level Security has the same effect with just the anon key.
Security headers checker
Missing security headers leave your app open to cross-site scripting, clickjacking, and downgrade attacks. AI-generated apps almost never set them, because no one tells the model to.
.env file exposure checker
A publicly downloadable .env file hands attackers every secret your app has — database URLs, API keys, tokens. Default deployments on some AI platforms leave these reachable.
