Is your Claude Code workflow dangerous for production?
Generate a local security report showing whether your Claude Code behavior is safe, risky, or dangerous in production.
npx cc-vibeguard
Track the patterns that make Claude Code usage risky.
cc-vibeguard parses transcript and tool activity locally on your device, groups it into concrete security risk categories, and shows where Claude Code is reading secrets, running dangerous commands, bypassing permissions, or operating with too much autonomy.
Secrets exposure
See when secret handling becomes a habit, not a one-off.
The report measures exposed keys, .env reads, credential patterns, and repeated secret handling across projects so risky behavior shows up as a pattern, not an anecdote.
- Counts secret types and repeated exposures across projects
- Separates reads, writes, and environment file touch points
- Highlights the bad habits and hotspots that deserve attention
secret exposure: 14/100; reads: 225; writes: 55; projects: 10
Remote access and commands
Measure when Claude starts acting too close to production.
Vibeguard tracks SSH usage, remote command patterns, and destructive shell behavior so you can see where assistance turns into risky operational behavior.
- Separates interactive SSH from remote command execution
- Groups destructive commands by severity and category
- Calls out force pushes, resets, and other high-risk patterns
remote and commands: 1,031 ssh; top host: prod-host-01; remote user: ops-user@remote-a; internal box: internal-box-03
Permission discipline
Show where speed is winning over guardrails.
Bypass mode, approval patterns, autonomous agents, and human overrides are stitched into one view so you can measure how supervised the workflow really is.
- Tracks bypass vs default permission modes over time
- Surfaces agent spawning and oversight behavior
- Counts denials, interrupts, and destructive catches
Ranked output
End with a report people can actually read and compare.
The final report condenses raw behavior into an overall score, risk priorities, and a developer ranking that is easy to review, discuss, and share inside a team.
- Builds a weighted overall safety score
- Summarizes the biggest risks and what is working well
- Generates a clear report that can be shared internally
final rank: The Boundary Pusher
Fast, productive, and a little too comfortable around production-shaped edges.
Secrets: 14; Remote: 56; Commands: 23; Oversight: 30
The scan stays local. The report is yours.
cc-vibeguard reads local Claude Code transcript history, calculates the metrics on your machine, and writes an HTML report you can inspect or share. Nothing ever leaves your device.
No transcripts uploaded
Zero network calls
Your prompts, code, and project contents never touch a hosted dashboard.
Reads transcripts in place
Parses Claude Code history directly from disk and keeps every byte there.
HTML report output
Readable and portable
One self-contained HTML file. Open it in any browser, no server required.
Shareable on your terms
Inspect raw metrics, share the file with a teammate, or archive it for later review.
Built for peer review
Self-audit or team check-in
Run it on yourself, compare with a teammate, or use inside a team to spot shared bad habits.
Measurable, not anecdotal
Hidden risk patterns become concrete numbers instead of hallway conversations.
Join vibenalytics
Want to measure the tokens, tools, and sessions behind every Claude Code project? Vibenalytics turns your day-to-day AI work into one live dashboard - usage, costs, patterns, all of it.
curl -fsSL https://vibenalytics.dev/install.sh | bash