Free AI app scorecard

Scan the public risk surface of your AI-built app in 30 seconds.

Paste any public URL to check client bundles, private-looking routes, Supabase/RLS signals, CORS, headers, runtime errors, and page quality. Then request a free human review for the deeper launch risks a scanner cannot see.

What is the free AI app scorecard?

A 30-second public risk scan

The free AI app scorecard analyzes any public URL and reports surface-level risk: client-bundle API key patterns, common private and admin routes, Supabase and RLS signals, CORS configuration, security headers, runtime errors, and page quality. It needs only a URL and no code access.

A fast filter, not a full audit

The scorecard catches obvious issues cheaply so you know whether a deeper human review is worth booking. It cannot confirm that private data is protected or that a bad deploy can be rolled back.

What does the scorecard check?

The scorecard is a fast public-surface screen for founder-built apps. It is designed to catch obvious issues before you spend time on a deeper review.

Client bundle risk

Public JavaScript is scanned for key patterns, Supabase project signals, source maps, and other evidence that should trigger human review.

Admin and API surfaces

Common private-looking paths are probed for reachable routes that do not show an obvious login wall or authorization boundary.

Headers, CORS, runtime

Missing security headers, wildcard CORS, browser errors, and secondary quality signals show where launch hardening should begin.

What does the scorecard not check?

A public scan cannot see everything. That is why the scorecard is paired with a written human review.

The scorecard tells you what the public web can see. The human review tells you what can break once real users arrive.