A working catalog of the platforms, services, APIs, and secrets Protect Your Vibes can identify. Passive checks run by default from public HTML, headers, JS bundles, and DNS. Deeper API and database probes run only after verified ownership.
Apps built on these platforms get dedicated checks — bundled anon keys, exposed app IDs, platform-specific misconfigurations.
Backend-as-a-service platforms we probe for RLS, collection exposure, admin-secret leaks, and schema introspection.
Detected via response headers and DNS.
Detected via HTML markers and bundle signatures.
Detected from connection strings or SDK usage in the client bundle.
Cross-platform API checks that don't depend on the underlying stack.
API keys and tokens for cloud and infra platforms, detected by pattern.
Secret keys for payment platforms. Leaked live keys = direct financial risk.
AI API keys — a single leaked key can burn thousands in compute charges in a day.
Keys for email and SMS providers — leaked keys enable phishing from your verified domain.
Tokens for Slack, Discord, and team tools.
Tokens for source-control and package registries.
Tokens for productivity and SaaS platforms your app might integrate with.
Broad patterns that catch keys from platforms we don't individually enumerate.