ShynSmart is a jewelry deal marketplace built with AI tools, live in production, with real users browsing and searching every day. It looked polished. It loaded fast. It worked.
It ran through StackSip anyway. The score came back: High risk; not production ready. Five critical issues found. None of them visible. All of them dangerous.

ShynSmart Homepage: A polished production marketplace

StackSip Score: 45 (High Risk)

Finding 1: Hidden API cost spirals with no limits

Finding 2: Silent failures due to env var mismatch

Finding 3: Data poisoning via unique constraint gaps

The platform used OpenAI to process product listings. StackSip flagged it immediately: no input size limit, no cost cap. One bloated scrape job or a small flood of listings, and the API bill spirals with nothing to stop it. The code looked fine. The risk was completely hidden.
StackSip caught two different environment variables pointing to the same Django backend. In production, if either is missing or mismatched, pages silently fail. Blank screens. No error. No clue why. The kind of bug that gets reported by a user, not a log.
The deduplication logic looked like it was working. StackSip found the gap: No uniqueness constraint. A URL with a trailing slash? Same deal, saved twice. Users see repeated listings. The marketplace looks broken. Nobody knows why.
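
The trailing-slash gap from Finding 3, closed at the database layer. This is an added example, not ShynSmart's or StackSip's code: the table, the `canonical_url` and `save_deal` helpers, and the sample URLs are all constructed for illustration, and `sqlite3` stands in for the Django backend's database.

```python
import sqlite3
from urllib.parse import urlsplit, urlunsplit

def canonical_url(raw: str) -> str:
    """Reduce a listing URL to the single form used as the dedup key."""
    parts = urlsplit(raw.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    # Keep a port only when it is not the default for the scheme.
    if parts.port and (scheme, parts.port) not in {("http", 80), ("https", 443)}:
        host = f"{host}:{parts.port}"
    # "/deals/x/" and "/deals/x" are the same listing; an empty path becomes "/".
    path = parts.path.rstrip("/") or "/"
    # The fragment is dropped; the query is kept because it can select another deal.
    return urlunsplit((scheme, host, path, parts.query, ""))

def open_store() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE deal ("
        " id INTEGER PRIMARY KEY,"
        " title TEXT NOT NULL,"
        " url TEXT NOT NULL,"            # URL as scraped, kept for display
        " url_key TEXT NOT NULL UNIQUE)" # uniqueness enforced by the database
    )
    return db

def save_deal(db: sqlite3.Connection, title: str, url: str) -> bool:
    """Insert a deal; return False when its canonical URL is already stored."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute(
                "INSERT INTO deal (title, url, url_key) VALUES (?, ?, ?)",
                (title, url, canonical_url(url)),
            )
        return True
    except sqlite3.IntegrityError:
        return False  # duplicate rejected by the UNIQUE constraint

# Constructed scrape output: three spellings of one listing, plus a distinct one.
SCRAPED = [
    ("Gold hoop earrings", "https://shop.example.com/deals/gold-hoops"),
    ("Gold hoop earrings", "https://shop.example.com/deals/gold-hoops/"),
    ("Gold hoop earrings", "HTTPS://Shop.Example.com:443/deals/gold-hoops#reviews"),
    ("Silver chain", "https://shop.example.com/deals/silver-chain?variant=2"),
]

def ingest(rows):
    db = open_store()
    results = [save_deal(db, title, url) for title, url in rows]
    return results, db.execute("SELECT COUNT(*) FROM deal").fetchone()[0]
```

In a Django model the same guarantee comes from `unique=True` on the key field; application-level "check then insert" alone still lets two concurrent scrape jobs save the same listing.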