# Ritesh Security Check
A portable security-audit ruleset for **AI-generated / "vibe-coded" apps** (Next.js, React, Vite,
Supabase, Firebase). It's a do/don't checklist + a tool-prescribing workflow that hunts data leaks,
exposed secrets, broken access control, and the misconfigurations that get a shipped app breached or sued.
It prioritizes **maximum-capability security tools over fast/easy ones**.
> Not legal advice. The legal section maps regimes (GDPR/CCPA/PCI/HIPAA/COPPA) to engineering checks.
## What's in here
| File | Use it in |
|------|-----------|
| `ritesh-security-check.md` | **The full guide**: paste into any tool, or read by hand. Source of truth. |
| `AGENTS.md` | Universal agent-instructions file (Cursor, Aider, and any tool that reads `AGENTS.md`) |
| `.cursor/rules/ritesh-security-check.mdc` | **Cursor** (auto-applied rule) |
| `.windsurfrules` | **Windsurf** |
| `.github/copilot-instructions.md` | **GitHub Copilot** (VS Code / JetBrains) |
The detailed appendices (backend, frontend, tooling, legal, checklist) are all inside
`ritesh-security-check.md`. The condensed always-on rules live in `AGENTS.md` and the adapters.
## Install per tool
- **Claude Code**: already installed as the `ritesh-security-check` skill (`~/.claude/skills/ritesh-security-check/`).
  Just say *"use ritesh security check on this repo"* or *"audit this for security"*.
- **Cursor**: copy `.cursor/` into your repo root. The rule auto-applies. (Or paste `ritesh-security-check.md` into Settings → Rules.)
- **Windsurf**: copy `.windsurfrules` to your repo root.
- **GitHub Copilot**: copy `.github/copilot-instructions.md` into your repo. Enable "Use instruction files" in settings.
- **Cline / Continue / Aider / Cody / Roo**: copy `AGENTS.md` to the repo root (most read it), or paste `ritesh-security-check.md` into the tool's custom-instructions / rules box.
- **ChatGPT / any chat**: paste `ritesh-security-check.md` and say "audit my app against this."
- **By hand**: open `ritesh-security-check.md`, work the checklist, run the tool gate.
To drop it into a project in one step:
```bash
cp -r ~/ritesh-security-check/{.cursor,.windsurfrules,.github,AGENTS.md,ritesh-security-check.md} /path/to/your/project/
```
## How to run an audit
Work top-down: the secrets sweep and the backend RLS/Rules check are where the catastrophic, headline- or
lawsuit-grade breaches actually happen in vibe-coded apps. Treat any finding there as **release-blocking**.
Full workflow, the 12 most common killers, greps, fixes, the tool-gate run order, and the legal stop-ship
list are in `ritesh-security-check.md`.
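The two release-blocking checks above, as an added example that is not part of this project's ruleset or tooling: a small Python gate that (1) sweeps an env file for secrets leaking into the client bundle and (2) checks a Supabase-style SQL migration for tables created without `ENABLE ROW LEVEL SECURITY`. It assumes `.env`-style `KEY=VALUE` lines and plain-SQL migrations; the `NEXT_PUBLIC_` / `VITE_` prefix rule reflects how Next.js and Vite inline those variables into browser JavaScript, while the sensitive-name token list is a heuristic of my own. The sample env and migration are constructed inline.

```python
"""Added example (not the project's code): a minimal release gate for the
secrets sweep and the backend RLS check. Sample inputs are constructed."""
import re
from dataclasses import dataclass

# Next.js and Vite inline variables with these prefixes into the client bundle,
# so anything secret behind them ships to every browser.
CLIENT_PREFIXES = ("NEXT_PUBLIC_", "VITE_")
# Assumption: name tokens that usually mark a server-only credential.
SENSITIVE_TOKENS = ("SECRET", "SERVICE_ROLE", "PRIVATE", "PASSWORD")


@dataclass
class Finding:
    check: str      # "secrets" or "rls"
    location: str   # env var name or table name
    detail: str


def sweep_env(env_text: str) -> list[Finding]:
    """Flag secret-looking variables exposed through a client-side prefix."""
    findings = []
    for raw in env_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        name = line.split("=", 1)[0].strip()
        upper = name.upper()
        if upper.startswith(CLIENT_PREFIXES) and any(t in upper for t in SENSITIVE_TOKENS):
            findings.append(Finding("secrets", name,
                                    "client-exposed prefix on a secret-looking variable"))
    return findings


# Supabase convention: user tables live in the public schema.
TABLE_RE = re.compile(
    r'create\s+table\s+(?:if\s+not\s+exists\s+)?(?:public\.)?"?(\w+)"?', re.I)
RLS_RE = re.compile(
    r'alter\s+table\s+(?:only\s+)?(?:public\.)?"?(\w+)"?\s+enable\s+row\s+level\s+security', re.I)


def check_rls(sql_text: str) -> list[Finding]:
    """Every table created in the migration must also have RLS enabled."""
    tables = {m.group(1).lower() for m in TABLE_RE.finditer(sql_text)}
    protected = {m.group(1).lower() for m in RLS_RE.finditer(sql_text)}
    return [Finding("rls", t, "table created without ENABLE ROW LEVEL SECURITY")
            for t in sorted(tables - protected)]


def release_gate(env_text: str, sql_text: str) -> tuple[bool, list[Finding]]:
    """Returns (blocked, findings); any finding in these two checks blocks release."""
    findings = sweep_env(env_text) + check_rls(sql_text)
    return (len(findings) > 0, findings)


# Constructed sample inputs: one leaked service-role key, one table without RLS.
SAMPLE_ENV = """\
NEXT_PUBLIC_SUPABASE_URL=https://example.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=anon-key-placeholder
NEXT_PUBLIC_SUPABASE_SERVICE_ROLE_KEY=service-role-placeholder
STRIPE_SECRET_KEY=server-only-placeholder
"""

SAMPLE_MIGRATION = """\
create table public.profiles (id uuid primary key, email text);
alter table public.profiles enable row level security;
create table public.orders (id uuid primary key, user_id uuid, total numeric);
"""

if __name__ == "__main__":
    blocked, findings = release_gate(SAMPLE_ENV, SAMPLE_MIGRATION)
    for f in findings:
        print(f"[{f.check}] {f.location}: {f.detail}")
    print("RELEASE BLOCKED" if blocked else "gate passed")
```

The anon key is deliberately not flagged: it is designed to be public and RLS is what protects the data behind it, which is why the second check matters as much as the first. `STRIPE_SECRET_KEY` passes this sweep because it has no client prefix; whether the `.env` file itself is committed is a separate question for gitleaks or TruffleHog from the toolchain list below.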
## Grounding
Built from current (2025–2026) sources and real incidents: CVE-2025-48757 (Lovable/Supabase missing RLS),
CVE-2025-29927 (Next.js middleware auth bypass), the Moltbook breach, the Sept 2025 npm supply-chain
attack, OWASP Top 10:2025 / API Top 10, GitGuardian secrets data. Recommended toolchain: gitleaks,
TruffleHog, Semgrep, CodeQL, osv-scanner, Socket, Trivy, Checkov, OWASP ZAP, Nuclei, testssl.sh.