Is it suitable for production environment audits?

While it is excellent for pre-deployment checks, it can also be used to audit existing configuration files and system settings to find drift from security best practices.

What file formats can this skill analyze?

The skill can analyze a wide variety of configuration formats including Terraform (.tf), CloudFormation, YAML, JSON, and standard system configuration files.

Does it provide instructions on how to fix the issues?

Yes, Claude will present the identified misconfigurations along with specific, actionable recommendations for remediation.

Can this skill find exposed API keys?

Yes, it is designed to scan configuration files for sensitive data such as hardcoded API keys, exposed secrets, and insecure credential storage.

Security Misconfiguration Finder

Name: Security Misconfiguration Finder
Author: jeremylongshore

byjeremylongshore

•

884

•

Seguridad y Pruebas

Identifies and remediates security vulnerabilities within infrastructure-as-code deployments and application configuration files.

This skill empowers Claude to proactively detect security misconfigurations across a wide range of environments, from cloud infrastructure templates to local application settings. By leveraging specialized scanning logic, it analyzes files like Terraform configurations, Kubernetes manifests, and YAML application defaults to pinpoint risks such as publicly accessible resources, disabled security headers, or exposed credentials. It is an essential tool for developers and DevOps engineers looking to automate security auditing and ensure their systems remain compliant with industry best practices before deployment.

Características Principales

01Automated scanning of Infrastructure-as-Code (IaC) files

02Identification of exposed secrets and API keys in settings

03Actionable remediation guidance for every identified vulnerability

04Detection of insecure defaults in application configurations

05Compliance auditing for system access controls and password policies

06884 GitHub stars

Casos de Uso

01Auditing Terraform or CloudFormation files for public S3 buckets and open security groups

02Scanning application.yml or web.config files for disabled encryption or security features

03Reviewing system environment variables and settings for compliance with security standards

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills security-misconfiguration-finder

For use in Claude.ai and ChatGPT

Download Skill

Características Principales

01Automated scanning of Infrastructure-as-Code (IaC) files

02Identification of exposed secrets and API keys in settings

03Actionable remediation guidance for every identified vulnerability

04Detection of insecure defaults in application configurations

05Compliance auditing for system access controls and password policies

06884 GitHub stars

Casos de Uso

01Auditing Terraform or CloudFormation files for public S3 buckets and open security groups

02Scanning application.yml or web.config files for disabled encryption or security features

03Reviewing system environment variables and settings for compliance with security standards

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills security-misconfiguration-finder

For use in Claude.ai and ChatGPT

Download Skill