Free Security Scan for AI Apps

Catch the security issues that vibe-coded apps actually ship with. Passive checks only — no probing, no signups, no catch.

By submitting, you agree to the Scanner Terms and our Privacy Policy. Scan results are informational, not compliance or legal advice.

Scanner Pro · $15/mo

Need a deeper, code-level scan?

The free scan above checks what your site exposes publicly over HTTP and TLS. Scanner Pro reads your actual source code — finds hardcoded secrets across every file, dependency manifest issues, and AI-specific risk patterns the surface scan can't see.

  • Hardcoded secret patterns across the entire repo (~30 secret types)
  • Dependency manifest analysis (npm, pip, Cargo, Go, Maven)
  • AI/LLM code patterns mapped to OWASP LLM Top 10 categories
  • Public OR private GitHub repos (Personal Access Token supported, never stored)
  • 3 deep repo scans per month, cancel any time

What we check

Security headers

CSP, HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy.

TLS / HTTPS

Certificate validity, protocol versions, common misconfigurations.

Cookie security

Secure, HttpOnly, and SameSite flags on cookies served to visitors.

Mixed content

HTTP resources pulled into HTTPS pages — common cause of browser warnings.

Client-side secret exposure

API keys and tokens accidentally shipped in returned HTML or JavaScript.

AI feature risk profile

Detection of chat/AI features and the categories of injection risk that apply. Informational, not a vulnerability assertion.

Passive only. We fetch your URL the way any browser would. We do not probe paths you don't own, attempt unauthorized access, or send adversarial inputs. For deeper checks (hardcoded secrets, dependency vulnerabilities, code-level AI risk patterns), Scanner Pro reads your code with explicit access — your Personal Access Token, never stored.