FYI, your site's admin login panel can be bypassed by deleting the login modal from the DOM. Also, there doesn't seem to be any authentication for your admin tools (like triggering a scrape).
Thank you! Vibe coded indeed huh? Wasn't too worried on my end, as if my subscription quota runs out it just fails but doesn't charge me. Very appreciated, the stakes were low so don't hold any atrocious shortcuts too against me.