Dani
486 posts

Dani
@danixwizard
AI ads for ecom brands | Scaling my agency to $10k/m | Building apps on the side
Joined November 2025
177 Following 45 Followers


ai ugc has reached the point where the audience can't tell the difference between real and fake.
the clip i attached is 100% ai.
production cost on that clip: about $5
A clip at that quality would have cost $1,200-$2,500 to produce in 2023.
studio
actor
editor
sound mix.
now I can create that in 10 minutes.
the collapse already happened. most of the market hasn't priced it in yet.
Here's what to do:
Cook up an AI character
Ship 30+ clips/week about your product
Funnel traffic towards the products

Act as a senior application security engineer. Audit this app for realistic launch risks. Do not invent findings — if you can't verify something, say so. Be skeptical. Prioritize by real launch risk, not theoretical ones. Explain everything simply enough for a non-technical founder to act on.
Fill in your context:
App name: [insert]
URL: [insert]
Frontend: [React / Next.js / Vue / etc]
Backend: [Supabase / Firebase / Express / etc]
Database: [Supabase / Firebase / Postgres / etc]
Auth: [email/password / Google / magic link / none]
Payments: [Stripe / Lemon Squeezy / none]
Hosting: [Vercel / Netlify / etc]
Data collected: [emails, names, payment info, etc]
Launch status: [not launched / live]
Audit these areas:
Exposed secrets — API keys, service role keys, or .env values ever appear in client-side code or the browser bundle?
Vulnerable dependencies — run npm audit, flag high/critical issues.
Leaking errors — do API routes return raw stack traces or error objects to users instead of generic messages?
Open redirects — can auth/login redirects be hijacked via an unvalidated query parameter?
CORS policy — is Access-Control-Allow-Origin: * used anywhere it shouldn't be?
Auth & sessions — can login be bypassed? Are protected pages checked server-side, not just hidden in the UI? Is there rate limiting on login/signup/password reset?
Authorization (IDOR) — can one user access another user's data by changing an ID in a request?
Database security — if using Supabase/Firebase, is Row Level Security (or equivalent) enabled and actually restrictive on every table? Is the service role key ever exposed client-side?
API route protection — does every route check for a valid session before returning data? Any rate limiting on expensive operations?
Form/input validation — is input validated server-side, not just client-side? Any injection risks?
Privacy & data handling — is only necessary data collected? Is there a privacy policy? Is there a way to delete user data on request?
Deployment config — any secrets in git history? Debug mode on in production? HTTPS enforced?
Manual tests to run:
Log out, try to access protected pages directly by URL
Create two accounts, try to access each other's data by changing IDs
Inspect network responses for leaked data or stack traces
Search the browser JS bundle for key patterns like sk_, service_role, secret
Try spamming login/signup to check for rate limiting
Call API routes directly (Postman/curl) without auth — should return 401
Report back in this format:
Executive summary + biggest risk
Overall risk rating: Low / Medium / High / Critical
Top 5 fixes before launch
Findings table: Issue | Severity | Verified? | Why it matters | How to fix | Location
What's already secure
Questions you need answered
Plain-language summary for a founder
Final launch recommendation
Severity guide: Critical = data breach/account takeover/exposed secrets. High = fix before real users sign up. Medium = fix soon after launch. Low = best practice, not urgent.
Goal: find real risks that could expose user data, break the app, or create legal/financial exposure. Be blunt, be practical, skip theoretical risks that don't apply.
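The "exposed secrets" area and the "search the browser JS bundle for key patterns" manual test above, as an added example that is not part of the original post: a small Node script that scans built JavaScript text for the key patterns the prompt names (sk_ keys, service role keys, verbatim .env values) and reports redacted findings with a severity. It assumes Node 16+ (for base64url); the sample bundle, the fake JWTs and the .env values are constructed, and the fact used to tell a Supabase anon key (fine in a client bundle) from a service_role key (never fine) is that both are JWTs whose payload carries a "role" claim.

```javascript
// Added example, not the original post's code: scan built JS text for the checklist's
// secret patterns (sk_ keys, service_role keys, verbatim .env values). Samples are constructed.
const SECRET_PATTERNS = [
  { kind: "stripe-secret-key", severity: "critical", re: /\bsk_(?:live|test)_[A-Za-z0-9]{8,}/g },
  // Supabase anon and service_role keys are both JWTs; only the "role" claim tells them apart.
  { kind: "jwt", severity: "medium", re: /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g },
  { kind: "hardcoded-secret", severity: "critical", re: /\b(?:secret|api_key|private_key)\w*\s*[:=]\s*["'][^"']{8,}["']/gi },
];
// Read the "role" claim from the JWT payload segment (no signature check is needed for this).
function jwtRole(token) {
  try { return JSON.parse(Buffer.from(token.split(".")[1], "base64url").toString("utf8")).role ?? null; }
  catch { return null; }
}
function classify(pattern, match) {
  if (pattern.kind !== "jwt") return { kind: pattern.kind, severity: pattern.severity };
  const role = jwtRole(match);
  if (role === "service_role") return { kind: "supabase-service-role-key", severity: "critical" };
  if (role === "anon") return { kind: "supabase-anon-key", severity: "info" }; // expected in a client bundle
  return { kind: "jwt", severity: "medium" };
}
// The report never carries the full credential, only enough to locate it.
const redact = (s) => (s.length <= 8 ? "*".repeat(s.length) : `${s.slice(0, 4)}...${s.slice(-4)}`);
// envValues: server-side secrets from .env, searched verbatim in the bundle text.
function scanBundle(bundleText, envValues = {}) {
  const findings = [];
  bundleText.split("\n").forEach((line, i) => {
    for (const p of SECRET_PATTERNS) {
      p.re.lastIndex = 0;
      for (let m; (m = p.re.exec(line)) !== null; ) {
        findings.push({ line: i + 1, sample: redact(m[0]), ...classify(p, m[0]) });
      }
    }
    for (const [name, value] of Object.entries(envValues)) {
      if (value.length >= 8 && line.includes(value)) {
        findings.push({ line: i + 1, sample: redact(value), kind: `env-value:${name}`, severity: "critical" });
      }
    }
  });
  return findings;
}
// Constructed sample: anon key (fine), service_role key (critical), publishable Stripe key (fine)
// and a Stripe secret key that also equals a constructed .env value.
const fakeJwt = (payload) => ['{"alg":"HS256","typ":"JWT"}', JSON.stringify(payload), "sig"]
  .map((s) => Buffer.from(s).toString("base64url")).join(".");
const SAMPLE_BUNDLE = [
  `const supabase = createClient("https://example.supabase.co", "${fakeJwt({ role: "anon" })}");`,
  `const admin = createClient("https://example.supabase.co", "${fakeJwt({ role: "service_role" })}");`,
  `const stripe = Stripe("pk_test_publishable0000");`,
  `fetch("/api/charge", { headers: { Authorization: "Bearer sk_test_abcdefghijklmnop" } });`,
].join("\n");
const SAMPLE_ENV = { STRIPE_SECRET_KEY: "sk_test_abcdefghijklmnop" };
```

To use it on a real build, read the files under your output directory (for example `.next/static` or `dist`) into `bundleText` and pass the values from your server-side `.env` as `envValues`; anything rated critical is a key that must be rotated, not just removed.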

i've been vibe coding a saas for the past few weeks and had one thought:
"this shit is probably insecure as hell."
so i put together a prompt for claude/codex that goes through your project and looks for common security issues, bad practices, exposed secrets, auth problems, etc.
if you're building with AI, it'll probably save you from at least a few stupid mistakes.
prompt below 👇

holy fucking shit.
after 8 months of working on Cupidly
i have finally hit $10k/mo 🥹

jonathan liu @jonathanzliu
stop edging me


Don't pay for Higgsfield, use Syllaby
Don’t pay for Notion AI, use Obsidian
Don’t pay for Ahrefs, use Ranked AI
Don’t pay for Jasper AI, use ChatGPT
Don’t pay for Grammarly, use LanguageTool
Don’t pay for Adobe, use Canva Pro
Don’t pay for Zapier, use Make
Don’t pay for Calendly, use TinyCal
Don’t pay for Capcut, use Inshot
Don’t pay for Dropbox, use Google Drive
Don’t pay for Zoom, use Google Meet
Don’t pay for Figma Pro, use Penpot
Don’t pay for HubSpot, use HighLevel
(SAVE THIS before it disappears)