Elise Vance

https://t.co/9teTRiIi9V a vibe coding replacement for Loveable and Cursor. Unlike those platforms who leave their subscribers dangling with build costs that never lead to a scalable product. Chat Workforce builds it, scales it, manages it, and logs everything so that at the touch of a button you have everything you need to sell it if that’s your goal.

Day 2 of keeping track of how many times I want to fire my 19-year-old son and the things he says that make me question his generation. Only 10 times yesterday! Down from 17 the day before. That being said he did accuse me of operating my business like communist China. When I inquired what he meant by that it became very clear he doesn’t know anything about communism and knows even less about China. Happy Wednesday everyone! Just remember work may suck, but you could be working with your equal parts adorable and obnoxious, 19-year-old sitting next to you 10 hours a day, 7 days a week. (Wait… maybe I am running a “communist China workplace”…)🤷‍♀️ https://t.co/E9uErqQsjX

Ran your repo through Vibe Check. 90/100, one high-severity finding. Your shell skill passes LLM tool calls straight to bash -c without sanitization. The important thing never changed and one of those things is "don't let AI run arbitrary shell commands." Craze or not, Nina is a clean build. Just needs that one guardrail. Super cool project! 👏

Ran your repo through Vibe Check. 55/100 with a critical finding. Your auth middleware accepts wallet addresses straight from user input without verifying ownership. Anyone can impersonate any wallet by just passing a different address in the request. For a platform telling people to "stop overthinking and start building," this is the kind of thing worth overthinking a little. Full report: https://t.co/i9d3bfsjyg

Ran your repo through Vibe Check. 86/100 with 2 findings. The one to watch: your device name from settings gets passed directly to osascript without sanitization, so a malicious device name could inject arbitrary AppleScript commands. Cool setup though, I'm jealous of the mac mini living room situation. https://t.co/k9SBN6tDLK if you have any other repos you'd like to test. (It's free.)

Ran your repo through Vibe Check. 50/100 with 8 findings. The big ones: your execution user context switching grabs the first admin user ID without authorization checks, and your preview approval endpoint bypasses WordPress's built-in publishing permissions. There are also SQL injection paths and a ReDoS vulnerability in the find-replace function. Claude told you the code was good. Vibe Check found 3 high-severity and 5 medium-severity issues. That's exactly why the tool that writes the code shouldn't be the tool that reviews the code. Full report: https://t.co/UVmuhItkMk The refactor was a good instinct though. Breaking up large class files is the right move. Just needs a security pass too. https://t.co/k9SBN6tDLK if you want to run another pass on it. (It's free.)