Which configuration formats are supported?

The skill supports a wide range of formats including Terraform, CloudFormation, YAML, JSON, and various system-level configuration files.

Does it provide fixes or just identify problems?

It identifies specific security flaws and provides detailed remediation recommendations that you can implement to secure your environment.

Can it detect exposed API keys?

Yes, the skill is designed to scan configuration files for hardcoded secrets, API keys, and other sensitive credentials that should not be in plain text.

Is this skill suitable for DevSecOps workflows?

Absolutely. It is an ideal tool for shifting security left, allowing developers to catch configuration errors during the coding and PR review phases.

Security Misconfiguration Finder

Name: Security Misconfiguration Finder
Author: jeremylongshore

byjeremylongshore

•

883

Seguridad y Pruebas

Scans infrastructure-as-code and application settings to identify and remediate security vulnerabilities and compliance gaps.

Acerca de

This skill empowers Claude to proactively detect security weaknesses across your technical stack by analyzing configuration files, system settings, and infrastructure-as-code (IaC) templates. By leveraging specialized plugin logic, it audits environments for insecure defaults, exposed secrets, and non-compliant access controls, providing actionable remediation advice to ensure your deployments adhere to industry security best practices and compliance standards before they reach production.

Características Principales

Automated IaC scanning for Terraform and CloudFormation templates
Detailed remediation recommendations for all identified vulnerabilities
Identification of exposed sensitive data such as API keys and credentials
883 GitHub stars
Application configuration auditing for insecure defaults and missing headers
Compliance checking against industry-standard security best practices

Casos de Uso

Reviewing cloud infrastructure templates for public resource exposure before deployment
Performing regular security assessments of system-level access control policies
Auditing application environment files for hardcoded secrets and insecure settings

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills security-misconfiguration-finder

For use in Claude.ai and ChatGPT

Download Skill

GitHub