VibeLeak
    Back to case studiesREPORT_BACKED_BRIEF

    Client brief

    Donebyverde trust cleanup

    Creative agency partner site moved from Grade B at 83/100 to Grade S with a 12 point VibeSignal lift.

    Client

    Donebyverde.com

    Start score

    83/100

    Findings

    2

    Scan date

    May 12, 2026

    Scan your siteVisit site
    Donebyverde homepage desktop screenshot for the VibeLeak trust cleanup case study.
    Live site previewPublic site surface

    Start

    B83/100

    Final

    SElite trust signal

    Client context

    Donebyverde.com is a creative agency partner site reviewed with VibeLeak before a public trust recheck.

    Starting scan

    The starting scan returned Grade B at 83/100. The site was already close, but one high-priority configuration issue and one disclosure gap kept the public trust surface from reaching S.

    Severity mix

    Critical
    0
    High
    1
    Medium
    0
    Low
    0
    Info
    1

    Top priority

    Restrict wildcard CORS to trusted origins before promotion or broader agent handoff.

    Open saved scan

    What VibeLeak found

    The findings below are copied into public-safe language from the exported report and kept in the original severity order.

    HighTrustScanlegacy-1

    Wildcard CORS origin

    The response allowed any origin through Access-Control-Allow-Origin: *, which makes cross-origin access too permissive for a public agency site.

    Evidence

    Access-Control-Allow-Origin returned a wildcard origin.

    Fix path

    The remediation path was to tighten the public response to trusted origins and verify the site still loaded normally.

    InfoTrustScansecuritytxt-missing

    Missing security disclosure policy

    The scan did not find a valid /.well-known/security.txt file with a Contact field, so responsible disclosure had no standard public route.

    Evidence

    /.well-known/security.txt was not found with a Contact field.

    Fix path

    The remediation path was to publish a security.txt file with a real monitored contact and a future expiry.

    What was addressed

    CORS policy tightened

    The high-priority wildcard CORS signal was treated as the primary blocker because it changes browser-side access boundaries.

    Disclosure route added

    The missing security.txt path was closed so external researchers and automated reviewers have a standard report channel.

    Public proof rechecked

    The improvement was tied back to VibeLeak output so the final grade was evidence-led instead of a design-only claim.

    Final outcome

    Donebyverde finished at Grade S. The recorded VibeSignal movement was 70 to 82, a 12 point improvement after the trust cleanup and recheck.

    Start grade

    B at 83/100

    Final grade

    S

    VibeSignal

    +12 points

    Source reference

    Saved VibeLeak scan

    Generated UTC 2026-05-12T22:28:38.276Z. Public page copy uses the report findings without exposing private remediation notes.

    View scan
    vibeleak@public-console:~$ case-study --open donebyverde