Bleek.dev - Find the security leaks in your vibe-coded app - free
by•
Built an app with Lovable, Bolt, or v0? bleek scans it for the stuff those tools skip: leaked API keys, databases anyone can read, missing security headers. Free, no signup, done in seconds.
Replies
Best
Maker
📌
Hey everyone
Honest origin story: a buddy of mine was running a small SaaS and getting wrecked on free trials. People kept signing up with throwaway emails and the same card to farm the trial over and over. While I was in there helping him fix it, I noticed his app had other stuff wide open too - a database table you could just read, keys sitting in the page source.
Then I started checking other apps built with these AI tools. Almost all of them had something.
So I built bleek. It started as a way to check his app, and now anyone can use it. You paste your URL, it checks for the common leaks, and tells you what to fix in plain English.
Still early, so I'm mostly here for feedback. If you built something, run it and tell me if anything looked off or confusing. That helps me way more than an upvote.
Thanks for checking it out
Report
ran bleek on a side project i shipped with bolt last week and it caught an exposed supabase key i totally missed. honestly wish this existed before i pushed to prod
Report
ran it against a side project i shipped last week and it actually caught a supabase key i forgot to rotate. the fact that it's free and doesn't ask for an account is wild, this should just be a default step before deploying anything.
Replies
ran bleek on a side project i shipped with bolt last week and it caught an exposed supabase key i totally missed. honestly wish this existed before i pushed to prod
ran it against a side project i shipped last week and it actually caught a supabase key i forgot to rotate. the fact that it's free and doesn't ask for an account is wild, this should just be a default step before deploying anything.