Your database key is in the page source
Security · One-line fix
No cookie consent and you're collecting analytics
Legal / GDPR · Needs a consent banner
12 images have no alt text
Accessibility · Quick fix
The AI Slop Detector
Ship code you’d put your name on.
Get your free Stack Scan
Free. Private. Runs in 30 seconds.
0 issues caught.
Most AI-generated apps fail their first scan. Yours probably will too. That’s fine.
Why this exists
She shipped on Friday. The email came Monday.
Without AuditBuffet
Maya shipped a journaling app in March. Two weeks later, a user emailed:
“Why are my private entries showing up on Google?”
Her Supabase row-level-security was off. She didn’t know what RLS was.
With AuditBuffet
She ran the free Stack Scan. It found 6 issues, including her Supabase RLS being off.
She upgraded to Pro, ran the full Security Audit. Found 4 more things she’d never have caught.
Next scan: all green. Badge on her homepage. Slept well.

“The first audit I ran on AuditBuffet was the API Design Audit. It failed. 15 critical and high-severity bugs in my own code. No rate limits on my API. A pricing page that didn’t match my backend. Admin operations that didn’t require re-auth. If the guy building the audit tool ships bugs, what’s your AI shipping?”
Christopher Kleinman · Founder of AuditBuffet
Free Stack Scan
The Stack Scan checks for the stuff that bites you after launch. Your entire codebase, one prompt.
Security Problems
11 checks
Your data could leak. Your project could be taken over.
Database keys in the client bundle · RLS USING (true) policies that don't filter · Unauthenticated [id] routes (IDOR) · Validation schemas imported but never .parse()-ed · Missing HSTS / CSP / Referrer-Policy
Legal Exposure
8 checks
You could be fined or sued.
Missing alt text (ADA-lawsuit bait, Domino's v Robles) · No account-deletion endpoint (GDPR Art. 17, CNIL €20M Finish Line) · No data-export endpoint (Art. 20) · No "Do Not Sell" link (CCPA $7,500/violation) · console.log(user) in server code
Abuse Surface
6 checks
One bad user could bankrupt you overnight.
Login endpoints without rate limiting — credential stuffing (23andMe 6.9M) · Webhooks without signature verification — forged events · Webhooks without idempotency — double-charges · Unbounded list queries — DB melts · Client-controlled payment amounts ($0.01 pays for anything)
Pick your deep dive
Every pack is a curated deep dive — the audits that matter for what you’re actually building. All included with Pro.
SaaS
Cover your full stack
Authentication, authorization, billing, multi-tenancy, and API design — the operational backbone every SaaS product needs before real users arrive.
AI App
Ship AI features responsibly
Prompt injection prevention, data privacy, token optimization, and UX patterns for apps powered by language models.
Get started
Run one command in your terminal.
$ npx auditbuffet run stack-scan
Copy the prompt and paste it into your AI’s chat.
Want to track your score over time? Sign up free
Free vs Pro
Free: Stack Scan
A mile wide, an inch deep. Checks for the biggest risks across security, auth, data exposure, accessibility, and legal liability. Enough to know where you stand. Enough to scare you a little.
1 audit · surface-level checks
→ The taste.
Pro: 117 Audits
Ten miles wide, ten miles deep.
Security: 24 checks.
Accessibility: 24 checks.
SEO. Performance. AI safety.
Compliance. Data privacy.
...and 110 more.
Each audit: weighted scoring,
cross-references between findings,
and your AI builds the fix plan.
117 Pro audits · thousands of checks
→ The whole buffet.
Simple pricing
One price. Every audit. No picking, no per-seat, no sales call.
Free
$0
The Stack Scan. Finds the scariest stuff in any AI-built project.
Pro
$9 /month
or $79/year (save 27%)
How it works
Copy the prompt
Grab your Stack Scan prompt from AuditBuffet. One click.
Paste it into your AI
Cursor, Lovable, Claude Code, Bolt, Replit, v0 — any tool that can read your code.
Get your results
Your AI reads your codebase, runs every check, and gives you a scored report with findings. Your code never leaves your machine.
The things you were going to ask
Run the free Stack Scan. See what your AI missed. Fix it tonight.
$ npx auditbuffet run stack-scan
Paste into your terminal. Nothing leaves your laptop.
This is one audit. Pro unlocks 117 more: thousands of checks across performance, SEO, AI safety, compliance, and everything else.
117 deep-dive audits. Thousands of checks. Every angle covered.
For Platforms
Custom
Embed our trust layer in your AI coding tool. Score every app your users ship.