AINAScan - Scan AI-generated code: 48 bug patterns, 9 languages

by
AST scanner for AI-generated code bugs. 48 patterns: MISSING_WRITE, FAKE_ASYNC, SQL_INJECTION_RISK, COMMAND_INJECTION, HARDCODED_SECRET, STUB_SKELETON, BUFFER_OVERFLOW + 41 more. 9 langs: Python, JS, TS, Go, Java, PHP, Ruby, Kotlin, C/C++. Catches what Semgrep/Bandit miss: structurally valid code that doesn't do what the function name says. P=R=F1=100% on 90-case benchmark. Free: key vg_free_test, no signup.

Add a comment

Replies

Best
Maker
📌
Hey PH! 👋 I built AINAScan after scanning a few popular vibe-coded repos and finding critical security bugs in every single one — bugs that passed code review undetected. The pattern was always the same: AI writes save_user() that returns {"status": "saved"} with no actual database write. Or async def fetch() with no await. Standard linters don't catch these because they're structurally valid code — just completely broken logic. So I built a deterministic AST scanner with 15 patterns specific to AI-generated code. No LLM, no hallucinations — same code always gives the same result. Try it free right now: curl -X POST \ -H "X-API-Key: vg_free_test" \ -F ".py" Or add it to GitHub CI in 3 lines → Moonsehwan/aina-vibeguard-action () Would love to hear what vibe-coding bugs you're seeing in the wild. 🙏

Hi Product Hunt! I'm the maker of AINAScan.

Built this after spending too much time reviewing AI-generated code that looked fine on the surface but had subtle bugs — save_user() functions that never write to the database, async def without any await silently blocking the event loop, f-string SQL that passes code review because it looks like the right shape.

Standard linters miss these because the code is syntactically valid. AINAScan is purpose-built for exactly this pattern.

Happy to answer any questions — what AI-gen bugs are you running into most in your codebase?