Hacker News: princeholdings

New comment by princeholdings in "Ask HN: What Are You Working On? (March 2026)"

princeholdings — Mon, 09 Mar 2026 14:40:29 +0000

Two things I've been building this year, both trying to solve real problems I care about:

https://talonwatch.com : I kept seeing founders discover their Stripe keys were public or their database was wide open, usually after the damage was done. Built a passive security scanner for vibe-coded apps so that's easier to catch early. Free surface scan, no account needed.

https://thetracejournal.com : A small iOS journal that pairs a song with each entry. Music is tied to memory in a way nothing else is, and I wanted a place to capture that.

New comment by princeholdings in "Show HN: Talon - Security scanner for vibe-coded apps"

princeholdings — Mon, 09 Mar 2026 14:22:10 +0000

I built this because I was scanning my own projects and realised how easy it is to miss basic things when you're moving fast. Exposed keys in a public repo, a .env file indexed by Google, a Firebase database with default rules still on.

The free scan is fully passive so it never touches your app directly. It checks public GitHub repos associated with your domain for leaked credentials, looks at your security headers, checks certificate transparency logs, and probes a handful of common debug endpoints like /.git/HEAD and /actuator/env.

The deep scan goes further: active endpoint probing, JS bundle analysis for secrets, CORS checks, Firebase and Supabase rule testing, and optional static analysis of a private repo via GitHub OAuth.

Show HN: Talon - Security scanner for vibe-coded apps

princeholdings — Mon, 09 Mar 2026 14:21:44 +0000

Article URL: https://talonwatch.com

Comments URL: https://news.ycombinator.com/item?id=47309478

Points: 1

# Comments: 1