
Claude Code -> WriteFile -> Semgrep -> Classifier (to prevent security bug)

Medium
Security-news · cybersecurity · reddit
Published: 07/01/2026 (07/01/2026, 19:43:51 UTC)
Source: Reddit Cybersecurity

Description

VibeGate is a security tool designed as a pre-write hook for AI coding assistants like Claude Code and Codex. It intercepts every file write operation, scanning the new code with Semgrep to detect unsanitized user input flowing into risky sinks such as SQL queries, shell commands, or HTTP responses. Depending on the risk level, it either allows the file to be saved silently, saves it with a warning, or blocks the save entirely to prevent potential security bugs. The tool supports multiple programming languages and aims to reduce token usage compared to loading large secure coding instructions into AI assistants. It is open source and can be integrated per project to improve secure coding practices automatically.

Reddit Discussion

r/cybersecurity·posted by u/theMiddleBlue

Hi all,

Not sure this is the right approach, but I've been testing it in my coding agent. Every time it writes a file, the hook runs Semgrep against it to catch unsanitized user input, then acts as a classifier: it blocks on critical stuff or surfaces a warning depending on the type of input involved. Ends up saving a lot of tokens compared to loading a secure coding skill.

If anyone wants to check the code and give me some feedback, it would be really appreciated :)
https://github.com/theMiddleBlue/vibegate

I started building it as a Claude Code hook after noticing that both Sonnet and Opus often fail to sanitize URLs, leading to SSRF and DNS rebinding, and IMO this is kind of harder to spot than the more obvious stuff like XSS or open redirects.

What do you think? Thanks!

AI-Powered Analysis

Machine-generated threat intelligence

Last updated: 07/01/2026, 19:51:26 UTC

Technical Analysis

VibeGate acts as a security checkpoint for AI coding tools by running static analysis (via Semgrep) on code before it is written to disk. It detects user-controlled input and classifies the risk based on the data type and sink involved. Critical risks such as unsanitized input reaching SQL queries, shell commands, or template engines cause the write operation to be blocked, while moderate risks generate warnings. This approach prevents common security bugs like SQL injection, command injection, SSRF, and XSS from being introduced by AI-generated code. VibeGate supports Python, JavaScript/TypeScript, Go, Java, PHP, and Ruby, and integrates with Claude Code and Codex. It is designed to be fast, deterministic, and token-efficient, avoiding reliance on LLMs for analysis. The tool is open source and extensible with additional languages, data types, and sinks.
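
The allow / warn / block decision described above can be sketched as follows. This is an added example, not VibeGate's code: it reads a report in Semgrep's JSON output shape and classifies by sink only, and the rule ids, the `sink` metadata key, the sink labels and the choice to warn when the scan itself errored are all assumptions of the example.

```python
import json

# Sinks the page names as critical (the write is blocked). Label strings are hypothetical.
BLOCK_SINKS = {"sql", "shell", "template"}
ORDER = {"allow": 0, "warn": 1, "block": 2}

# Constructed sample in Semgrep's JSON report shape; the rule ids and the
# "sink" metadata key are assumptions of this example, not real rules.
SAMPLE = json.dumps({
    "results": [
        {"check_id": "example.tainted-url-fetch", "path": "app/fetch.py",
         "start": {"line": 12},
         "extra": {"message": "request parameter used as outbound URL",
                   "metadata": {"sink": "http_request"}}},
        {"check_id": "example.tainted-sql", "path": "app/db.py",
         "start": {"line": 40},
         "extra": {"message": "request parameter concatenated into SQL",
                   "metadata": {"sink": "sql"}}},
    ],
    "errors": [],
})


def classify(finding):
    """Map one finding to a verdict from the sink its rule metadata names."""
    sink = finding.get("extra", {}).get("metadata", {}).get("sink")
    return "block" if sink in BLOCK_SINKS else "warn"


def decide(semgrep_json):
    """Return (verdict, reasons) for one pending file write."""
    report = json.loads(semgrep_json)
    verdict, reasons = "allow", []
    # A scan that errored proves nothing about the file, so never pass it silently.
    if report.get("errors"):
        verdict = "warn"
        reasons.append("scan incomplete: semgrep reported errors")
    for f in report.get("results", []):
        v = classify(f)
        reasons.append(f"{v}: {f['check_id']} at {f['path']}:{f['start']['line']}")
        if ORDER[v] > ORDER[verdict]:
            verdict = v  # the most severe finding decides the outcome
    return verdict, reasons


if __name__ == "__main__":
    verdict, reasons = decide(SAMPLE)
    print(verdict, *reasons, sep="\n")
```

The strictest finding wins, so a single blocked sink stops the write even when every other finding would only warn.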

Potential Impact

VibeGate helps prevent the introduction of security vulnerabilities in code generated by AI coding assistants by blocking or warning about unsafe patterns before the code is saved. It reduces the risk of critical security bugs such as SQL injection, command injection, SSRF, DNS rebinding, and XSS caused by unsanitized user input. By intercepting risky code early, it can improve the security posture of development projects using AI-assisted coding. There are no known exploits in the wild related to VibeGate itself, as it is a protective tool rather than a vulnerability.

Mitigation Recommendations

VibeGate is a proactive security tool that must be installed and enabled in the development environment to function. Installation is done via pipx from the GitHub repository, and it is enabled per project. Once enabled, it automatically scans code writes and blocks or warns about risky patterns. Users should keep VibeGate and its Semgrep rules updated to maintain coverage of new risks. If a flagged finding is a false positive or intentionally safe, it can be suppressed with inline comments. No official patch or fix is needed as this is a security enhancement tool, not a vulnerability. Users should review the GitHub repository for updates and usage instructions.


Technical Details

Source Type: reddit
Subreddit: cybersecurity
Reddit Score: 0
Discussion Level: minimal
Content Source: reddit_link_post
Post Type: link
Domain: null
Newsworthiness Assessment: {"score":27,"reasons":["external_link","established_author","very_recent"],"isNewsworthy":true,"foundNewsworthy":[],"foundNonNewsworthy":[]}
Has External Source: true
Trusted Domain: false

Threat ID: 6a456fb727e9c797190969f2

Added to database: 07/01/2026, 19:51:19 UTC

Last enriched: 07/01/2026, 19:51:26 UTC

Last updated: 07/02/2026, 03:21:16 UTC
