Claude Code -> WriteFile -> Semgrep -> Classifier (to prevent security bug)
VibeGate is a security tool designed as a pre-write hook for AI coding assistants like Claude Code and Codex. It intercepts every file write operation, scanning the new code with Semgrep to detect unsanitized user input flowing into risky sinks such as SQL queries, shell commands, or HTTP responses. Depending on the risk level, it either allows the file to be saved silently, saves it with a warning, or blocks the save entirely to prevent potential security bugs. The tool supports multiple programming languages and aims to reduce token usage compared to loading large secure coding instructions into AI assistants. It is open source and can be integrated per project to improve secure coding practices automatically.
AI Analysis
Technical Summary
VibeGate acts as a security checkpoint for AI coding tools by running static analysis (via Semgrep) on code before it is written to disk. It detects user-controlled input and classifies the risk based on the data type and sink involved. Critical risks such as unsanitized input reaching SQL queries, shell commands, or template engines cause the write operation to be blocked, while moderate risks generate warnings. This approach prevents common security bugs like SQL injection, command injection, SSRF, and XSS from being introduced by AI-generated code. VibeGate supports Python, JavaScript/TypeScript, Go, Java, PHP, and Ruby, and integrates with Claude Code and Codex. It is designed to be fast, deterministic, and token-efficient, avoiding reliance on LLMs for analysis. The tool is open source and extensible with additional languages, data types, and sinks.
Potential Impact
VibeGate helps prevent the introduction of security vulnerabilities in code generated by AI coding assistants by blocking or warning about unsafe patterns before the code is saved. It reduces the risk of critical security bugs such as SQL injection, command injection, SSRF, DNS rebinding, and XSS caused by unsanitized user input. By intercepting risky code early, it can improve the security posture of development projects using AI-assisted coding. There are no known exploits in the wild related to VibeGate itself, as it is a protective tool rather than a vulnerability.
Mitigation Recommendations
VibeGate is a proactive security tool that must be installed and enabled in the development environment to function. Installation is done via pipx from the GitHub repository, and it is enabled per project. Once enabled, it automatically scans code writes and blocks or warns about risky patterns. Users should keep VibeGate and its Semgrep rules updated to maintain coverage of new risks. If a flagged finding is a false positive or intentionally safe, it can be suppressed with inline comments. No official patch or fix is needed as this is a security enhancement tool, not a vulnerability. Users should review the GitHub repository for updates and usage instructions.
Claude Code -> WriteFile -> Semgrep -> Classifier (to prevent security bug)
Description
VibeGate is a security tool designed as a pre-write hook for AI coding assistants like Claude Code and Codex. It intercepts every file write operation, scanning the new code with Semgrep to detect unsanitized user input flowing into risky sinks such as SQL queries, shell commands, or HTTP responses. Depending on the risk level, it either allows the file to be saved silently, saves it with a warning, or blocks the save entirely to prevent potential security bugs. The tool supports multiple programming languages and aims to reduce token usage compared to loading large secure coding instructions into AI assistants. It is open source and can be integrated per project to improve secure coding practices automatically.
Reddit Discussion
Hi all,
not sure this is the right approach, but I've been testing it in my coding agent. Every time it writes a file, the hook runs Semgrep against it to catch unsanitized user input, then acts as a classifier: it blocks on critical stuff or surfaces a warning depending on the type of input involved. Ends up saving a lot of tokens compared to loading a secure coding skill.
if anyone wants to check the code and give me some feedback, it would be really appreciated :)
https://github.com/theMiddleBlue/vibegate
I started building it as a Claude Code hook after noticing that both Sonnet and Opus often fail to sanitize URLs, leading to SSRF and DNS rebinding, and IMO this is kind of hard to spot than the more obvious stuff like XSS or open redirects.
What do you think? Thanks!
Links cited in this discussion
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
VibeGate acts as a security checkpoint for AI coding tools by running static analysis (via Semgrep) on code before it is written to disk. It detects user-controlled input and classifies the risk based on the data type and sink involved. Critical risks such as unsanitized input reaching SQL queries, shell commands, or template engines cause the write operation to be blocked, while moderate risks generate warnings. This approach prevents common security bugs like SQL injection, command injection, SSRF, and XSS from being introduced by AI-generated code. VibeGate supports Python, JavaScript/TypeScript, Go, Java, PHP, and Ruby, and integrates with Claude Code and Codex. It is designed to be fast, deterministic, and token-efficient, avoiding reliance on LLMs for analysis. The tool is open source and extensible with additional languages, data types, and sinks.
Potential Impact
VibeGate helps prevent the introduction of security vulnerabilities in code generated by AI coding assistants by blocking or warning about unsafe patterns before the code is saved. It reduces the risk of critical security bugs such as SQL injection, command injection, SSRF, DNS rebinding, and XSS caused by unsanitized user input. By intercepting risky code early, it can improve the security posture of development projects using AI-assisted coding. There are no known exploits in the wild related to VibeGate itself, as it is a protective tool rather than a vulnerability.
Mitigation Recommendations
VibeGate is a proactive security tool that must be installed and enabled in the development environment to function. Installation is done via pipx from the GitHub repository, and it is enabled per project. Once enabled, it automatically scans code writes and blocks or warns about risky patterns. Users should keep VibeGate and its Semgrep rules updated to maintain coverage of new risks. If a flagged finding is a false positive or intentionally safe, it can be suppressed with inline comments. No official patch or fix is needed as this is a security enhancement tool, not a vulnerability. Users should review the GitHub repository for updates and usage instructions.
Technical Details
- Source Type
- Subreddit
- cybersecurity
- Reddit Score
- 0
- Discussion Level
- minimal
- Content Source
- reddit_link_post
- Post Type
- link
- Domain
- null
- Newsworthiness Assessment
- {"score":27,"reasons":["external_link","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
- Has External Source
- true
- Trusted Domain
- false
Threat ID: 6a456fb727e9c797190969f2
Added to database: 07/01/2026, 19:51:19 UTC
Last enriched: 07/01/2026, 19:51:26 UTC
Last updated: 07/02/2026, 03:21:16 UTC
Views: 23
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.