Where does the skill save the security reports?

Reports are automatically saved as Markdown files in the {baseDir}/security-findings/ directory, organized by date for easy tracking.

What configuration formats does this skill support?

The skill supports a wide range of formats including Terraform (.tf), CloudFormation (YAML/JSON), application settings (YAML, JSON, .env), and system configuration exports.

Which security standards does the Auditor follow?

It references industry-standard baselines including CIS Benchmarks, OWASP Infrastructure-as-Code Security Cheatsheets, and Cloud Security Alliance best practices.

Does it provide instructions on how to fix the security issues?

Yes, every findings report includes a remediation plan with minimal-change implementation steps and instructions on how to verify the fix.

Security Misconfiguration Auditor

Name: Security Misconfiguration Auditor
Author: Brmbobo

byBrmbobo

0•

Seguridad y Pruebas

Identifies and remediates security misconfigurations in infrastructure-as-code, application settings, and system configurations.

The Security Misconfiguration Auditor skill empowers Claude to perform automated security reviews of your technical stack. By scanning infrastructure-as-code templates like Terraform and CloudFormation alongside application configuration files (YAML, JSON, .env), it detects risky defaults, configuration drift, and missing security controls. The skill compares your current setup against industry-standard hardening guides, such as CIS Benchmarks and OWASP, providing a comprehensive report with severity ratings and actionable remediation plans to ensure your environment remains secure and compliant.

Características Principales

01Detailed security findings reports with severity levels

02Minimal-change remediation plans with verification steps

03Automated scanning of Terraform and CloudFormation templates

04Baseline comparison against CIS Benchmarks and OWASP standards

05Application configuration auditing for YAML, JSON, and .env files

060 GitHub stars

Casos de Uso

01Auditing infrastructure-as-code before deploying to production

02Validating application environment variables and settings for security gaps

03Detecting configuration drift in cloud-based system settings

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add brmbobo/web2podcast finding-security-misconfigurations

For use in Claude.ai and ChatGPT

Download Skill