// Trust isn't given. It's scanned.

Find the leaksbefore attackersdo._

> Catch the leak before it leaks you.

VibeLeak scans your entire digital surface to expose trust gaps, misconfigurations, and hidden risks before they become breaches.

Free Instant No account required

0 sites scanned-0 findings surfaced-Sign in to save history

vibeleak@trust-surface:~$

VIBELEAK_SURFACE_SCAN

SCAN_ACTIVE

Targetpublic web

ModuleTRUSTSCAN

Signal4 header gaps

Scan pipeline

Elapsed: 00:00:09

Active probe

Read browser policy

CSP, HSTS, framing, MIME posture

Headers68

Deploy58

AI routes73

Public surface findings

66/100

Trust score

C

Grade

07

Findings

+8 pts

Fastest lift

Overall progress

43%

> trustscan :: CSP, HSTS, framing, MIME posture

> node 52.8,18.3 locked for public-surface review

> 4 header gaps queued into priority model

> rescan proof will attach after deploy

Live signal

// Trust surface map

Map the public surface that shapes your grade

VibeLeak works best when it stays honest about the public surface: the stuff a browser, crawler, client, or attacker can already inspect without deep access.

External perspective

See your assets the outside world sees - no logins, no access needed.

Real-world signals

We validate misconfigurations, exposures, and outdated tech in the wild.

Actionable output

You get a prioritized list, severity map, and a clear trust grade.

View full sample report

One public request. Layers of insight.

Scan ID: VLK-24A7FC1

35

score

Surface digest

D

One critical public exposure caps this sample at D. Fix that first; a second critical would push the report to F.

Trust score

35/100

Trust grade

D

Critical

1

High

1

Risk stack

4 findings

Critical1

High1

Low1

Info1

Modules

8

Checks

189

Findings

4

Active layer readout

TLS / Certificate

Medium

HTTPS enabled, redirect posture healthy, cert expires in 23 days

Signal

72/100

Meaning

Holding steady

Layer strength72/100

Layer queue

9 signals

6 more signals rotate through the active readout.

Mobile view compresses the remaining 6 signals into the active layer readout.

// Priority loop

Turn surface findings into shipped fixes

VibeLeak turns public-surface findings into a fix sequence: what to patch first, why it matters, and what the live recheck should prove.

Impact weighted

Severity, exposure, and lift decide what should ship before anything else.

Action shaped

Each finding becomes a concrete patch target instead of a vague warning.

Proof loop

Recheck the live response and confirm the grade moved before calling it done.

01scan

02rank

03patch

04prove

Priority engine

Queue updated: 2 min ago

Fix lift preview

A after policy

B

80

Now

96

After policy fix

A

Lift

+16 pts

First pass

14 min

Proof

rescan

Next patch

Ship browser policy

High

Add a baseline CSP and enforce HSTS after HTTPS is verified.

Why first

A single high finding keeps this sample in B until the policy is present.

Done when

CSP and HSTS headers present

RankPatch targetProofModuleLift

01

Ship browser policy

High

CSP and HSTS missing - A single high finding keeps this sample in B until the policy is present.

CSP and HSTS headers presentTrustScan+16 pts

02

Publish security.txt

Low

Disclosure route missing - Low-severity trust cue that cleans up the handoff after the blocker is gone.

security.txt returns 200ThreatSurface+3 pts

03

Reduce stack fingerprint

Info

Framework fingerprint visible - Informational cleanup after the material findings are handled.

No unnecessary version hintsTechScan+1 pt

1 more queued after the first pass.

>_ Patch in order. Recheck the live URL after deploy.

Open fix queue

// Markdown export

export_handoff.md

Export findings. Hand off to your AI agent.

Signed-in owners can export a structured Markdown report - one file with grade, evidence, and exact remediation steps. Free accounts get this full handoff during the launch window; public links stay redacted.

01

Executive summary

Grade, target, severity mix, and the fastest lift to move the score.

02

Findings by module

Evidence, why it matters, and plain remediation for every surfaced issue.

03

AI visibility next steps

A clean markdown structure you can paste into your team stack or straight into an AI workflow.

vibeleak_surface_scan_report.md

> export surface_scan --markdown --agent-ready_

target=https://your-site.com scan_id=VLK-24A7FC1

Grade

D

Score

39 / 100

Blockers

2

Fastest lift

+45 pts

## Top Findings

01Production API key exposedCriticalAIGuardCritical+45 pts

02CSP and HSTS missingHighTrustScanHigh+16 pts

## Remediation

Revoke exposed production keys and move sensitive calls server-side.
Ship CSP and HSTS after the key exposure is contained.

modules

8

checks

189

proof

rescan

> handoff_ready=true next=apply_fixes_

Handoff pipeline

ScanMarkdown fileAI agent

Works with your AI agent

Claude Code

Codex

OpenCode

Kilo Code

BlackBox AI

OpenClaw

Hermes Agent

Cursor

Windsurf

Qwen CLI

Antigravity

Factory

VibeSignal AI visibility

See how AI systems read your site.

See whether systems like ChatGPT, Perplexity, Claude, Grok, and Gemini can find, read, and use your public site - and surface the fixes that improve AI visibility.

Observed against

ChatGPT

Perplexity

Claude

Grok

Gemini

vibesignal - scan

Scan ID: VLK-24A7FC1

> vibesignal scan https://yoursite.com_

Opening passive AI signal probe...

GET /llms.txt ................................Agent-readable mapAgent-readable mapFound

Parse robots.txt ................................AI crawler policyAI crawler policyAllowed

Trace sitemap + canonicals ................................Preferred URLsPreferred URLsPresent

Read JSON-LD entities ................................Organization contextOrganization contextPartial

Probe MCP discovery .................................well-known/mcp.json.well-known/mcp.jsonMissing

Detect commerce readiness ................................Pricing and Offer cuesPricing and Offer cuesPartial

VibeSignal Score: 58/100 - Partial Signal

-> 3 fixes found. Export .md for your agent.

>_ Mode: VibeSignal onlyElapsed: 00:00:07Status: Complete

Signal breakdown

Five categories. Max 20 each.

58/100

Partial

Discoverabilityrobots, sitemap, canonical

14/20

max 20

Content Accessllms.txt, schema, markdown

14/20

max 20

Bot AccessAI bot policy signals

11/20

max 20

Protocol DiscoveryMCP, agent, API docs

7/20

max 20

Commerce Readinesspricing and Offer cues

12/20

max 20

Markdown fix lists you can hand straight to an AI agent or a developer.

Rescan after you deploy changes and watch category scores move.

Covers llms.txt, robots.txt AI rules, JSON-LD, MCP discovery, sitemaps, canonicals, and related signals.

Runs on its own or together with a full security scan - same scanner, your choice.

Observed against

ChatGPT

OpenAI

Perplexity

Claude

Anthropic

Grok

xAI

Gemini

Google

// Plans

Start free. Scale when the signal demands it.

Run the public scanner with no card. Sign in during launch to save history, see full findings, export Markdown handoffs, and watch grade changes. Pro and Agency unlock unlimited scans, durable full-report access, and higher account limits.

Billing_preview

Free

Live

$05/day

Free scans. Limited-time full report access.

5 full trust scans / day
VibeSignal included
Grade + public summary
Limited-time export when signed in
Score watch on saved scans

>_ Start scanning

Pro

Popular

$29/mo

Higher limits for builders shipping fixes often.

Unlimited scans when billing is active
Same VibeLeak + VibeSignal engine
Saved history + score watch
Markdown + AI handoff export
API keys + CI hooksRoadmap

>_ Get Pro

Agency

Client fleet

$99/mo

For teams managing trust across client sites.

Unlimited scans when active
Client-fleet workflowsRoadmap
Bulk scanningRoadmap
Team seatsRoadmap
White-label reportsRoadmap

>_ Get Agency

No card to start

Full scan + VibeSignal

Limited-time export

Watch saved grades

Roadmap items marked

vibeleak@pricing:~$ plan --compare