Vibe coding safely: the setup step the beginner guides skip

Vibe coding is having a moment, and for good reason: you describe what you want in plain English, an AI writes the code, and something real appears on your screen without you having memorised a single command. The guides are everywhere — “build your first app in an afternoon,” “from zero to shipped.” Almost all of them teach you the same thing: how to get going.

Here is what nearly none of them teach. “The AI builds it for you” quietly includes “the AI runs things on your computer for you.” To turn your description into a working app, the assistant does not merely type code into a file — it installs packages off the internet, runs commands in your terminal, and reads web pages and documentation as it goes. Every one of those is the assistant reaching out, with your permissions, to fetch and run code written by strangers. That is not a reason to stop. It is simply the one part of the picture the “how to start” tutorials leave in the dark — and it turns out to be easy to cover once you can see it.

What “the AI builds it for you” actually involves

It installs packages

Modern apps are assembled from building blocks called packages — pre-written code that others published to public libraries. When your assistant decides it needs one, it downloads and installs it, and many packages run a little of their own code during installation. So “I added image uploads” can mean “code from someone I have never heard of just ran on my machine.”

It runs commands

To set things up, test them and start them, the assistant runs commands in your terminal — the same place you would type them yourself, with the same access to your files. You are usually watching the result, not vetting each command before it runs.

It reads the web

To follow documentation or check how something works, it fetches web pages and reads them. Useful — but a web page can carry hidden text aimed at the AI rather than at you, which is its own small risk (more on that below).

Where it can go wrong

A bad package slips in

Most packages are fine. The trouble is the occasional one that is malicious or has been compromised — and the package you asked for drags in others it depends on, any of which could be the problem. Because the assistant installs without you reading the list, a bad one runs before anyone notices.

A hidden instruction hijacks the AI

When the assistant reads a page or a file, an attacker can plant instructions inside it that the model treats as commands. It is called indirect prompt injection, and the 5bats prompt injection guide walks through it. For now: what your AI reads can try to tell it what to do.

You do not have to be “a target”

The reassuring and slightly unsettling truth is that none of this requires anyone to single you out. These attacks are opportunistic — a poisoned package or page catches whoever installs or reads it. You do not have to be important to be affected, which is exactly why a standing guard beats hoping you are not interesting enough.

How to vibe code safely

You do not need to become a security expert. You need a couple of automatic checks sitting between your assistant and the riskiest moments, so the safe path is the default.

Gate what gets installed

Put a check in front of installs so a known-bad or suspiciously new package is stopped before it runs. If your assistant installs things for you, claude-code-cve-gate screens every install it attempts; if you run installs yourself in Python, pip-cve-gate does the same — and there are matching gates for PHP and Homebrew.

Make what it reads safe

When your assistant fetches the web, route it through a tool that strips hidden instructions first — safe-fetch on the command line, mcp-safe-fetch for Claude Desktop. To stop a coding agent acting on anything injected, claude-code-prompt-injection-gate holds the line between reading and running.

Stay in the loop

Keep enough visibility to see what the assistant is doing, and resist blanket-approving everything. The guards above catch the common dangers automatically; your attention catches the unusual ones.

FAQ

Is vibe coding safe?

Vibe coding is as safe as what your AI installs and runs. The act of describing an app is harmless; the risk is that the assistant fetches and executes code from strangers to build it. Put a check in front of those installs and fetches and the everyday risk drops sharply.

Can an AI coding assistant install malware?

Not on purpose, but it can install a package that turns out to be malicious or compromised — it has no way to know, and it usually installs without you reading the name. A pre-install gate checks each package before it runs, which is exactly the gap to close.

What can go wrong when an AI runs commands for you?

Two things mainly: it installs a bad package (a supply-chain risk), or it acts on hidden instructions in a web page or file it read (prompt injection). Both are well understood, and both have simple, free guards you can put in place.

Ready to put the guards in place? Start with the supply-chain gates for what gets installed and the AI-agent security tools for what gets read — all free, all run on your own machine.