What file types can this skill analyze?

It can scan various configuration formats including YAML, Terraform (HCL), CloudFormation, JSON, and standard system configuration files.

Can I use this for cloud infrastructure?

Yes, it is specifically designed to audit cloud templates like Terraform and CloudFormation to ensure resources aren't accidentally exposed to the public internet.

Does it automatically fix the vulnerabilities?

While it primarily identifies issues, Claude can use the skill's findings to suggest or apply code edits to remediate the misconfigurations upon your approval.

Is it suitable for CI/CD pipelines?

Absolutely. You can use this skill within your development environment to catch security regressions before code is merged or deployed to production.

Security Misconfiguration Finder

Name: Security Misconfiguration Finder
Author: jeremylongshore

byjeremylongshore

•

883

Seguridad y Pruebas

Detects and remediates security vulnerabilities within infrastructure-as-code and application configuration files.

Acerca de

This skill empowers Claude to perform proactive security audits by scanning system settings, application configurations, and infrastructure-as-code templates (like Terraform or CloudFormation) for common misconfigurations. It identifies risks such as exposed API keys, insecure network settings, and non-compliant access controls, providing actionable recommendations to strengthen your security posture throughout the development lifecycle. By catching these issues early, developers can prevent potential exploits and ensure compliance with industry best practices.

Características Principales

Actionable remediation recommendations
Infrastructure-as-Code (IaC) vulnerability scanning
System settings compliance verification
Application configuration audit for insecure defaults
883 GitHub stars
Detection of exposed secrets and API keys

Casos de Uso

Auditing Terraform or CloudFormation files before deployment to prevent public resource exposure.
Verifying system password policies and access control lists against security best practices.
Reviewing application YAML or property files for missing security headers or enabled debug modes.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills security-misconfiguration-finder

For use in Claude.ai and ChatGPT

Download Skill

GitHub