VrothSec installs on your GitHub repo and reviews every pull request for AI and cloud security issues — hardcoded keys, exposed endpoints, overpermissioned IAM, prompt injection risks, and more.
Hardcoded Anthropic API key. Move to environment variables.
🔴 Critical — Line 9
S3 bucket set to public-read. Restrict with IAM policies.
🟠 High — Line 17
No rate limiting on AI inference endpoint. DoS risk.
What it catches
🔑
Hardcoded Secrets
API keys, tokens, and credentials committed directly in code.
☁️
Cloud Misconfigs
Public S3 buckets, overpermissioned IAM roles, insecure storage configs.
🤖
AI Endpoint Risks
Unprotected model endpoints, missing rate limits, insecure inference paths.
💉
Prompt Injection
Exposure through retrieval chains, tool use, and unsanitized inputs.
📝
Sensitive Logging
Prompts and outputs logged to places they should never land.
⚡
Install Once
Runs automatically on every PR. No config, no manual reviews needed.
Founding member pricing
10 spots only
VrothSec Founding Member
$15
/ month · locked in forever
Unlimited private repos
All security checks included
GitHub Marketplace install
Direct access to the builder
Shape the product roadmap
Privacy Policy
Last updated: May 7, 2026
What we collect
VrothSec receives pull request diffs from GitHub when you open or update a PR in a repo where the app is installed. We process this diff to identify security issues. We do not store your code or diffs after processing.
How we use your data
Diff content is sent to Google Gemini API for security analysis. It is not stored, sold, or shared with any third party beyond what is necessary to perform the review. Billing information is handled entirely by Paddle and is never seen or stored by us.
GitHub permissions
VrothSec requests read access to pull requests and write access to post comments. We do not access your repository code outside of the PR diff context.
VrothSec is a GitHub App that automatically reviews pull requests for AI and cloud security issues. By installing the app or purchasing a subscription, you agree to these terms.
Use
VrothSec is provided as a security assistance tool. Findings are AI-generated and should be reviewed by a qualified developer before acting on them. We do not guarantee that all security issues in your code will be detected.
Subscriptions
Subscriptions are billed monthly through Paddle. You can cancel at any time. Founding member pricing is locked in for the lifetime of your subscription as long as it remains active.
Liability
VrothSec is provided as-is. We are not liable for any security incidents, data breaches, or damages arising from the use or non-use of this service.
If you are unsatisfied within the first 7 days of your subscription, contact us for a full refund. No questions asked.
After 7 days
Refunds after 7 days are considered on a case-by-case basis. If VrothSec was not functioning as described, we will issue a refund for the affected billing period.
You can cancel your subscription at any time through Paddle. Cancellation takes effect at the end of your current billing period. No partial refunds for unused time.