Where are the security audit results saved?

Findings are compiled into a timestamped Markdown report located in the {baseDir}/security-findings/ directory for easy review.

What files can this skill audit?

It scans Terraform (.tf), CloudFormation (.yaml, .json), application settings (.env, .yml, .json), and system configuration exports for security flaws.

What security standards does it reference?

The skill utilizes industry-standard frameworks including CIS Benchmarks, OWASP Infrastructure as Code Security Cheat Sheet, and Cloud Security Alliance (CSA) best practices.

Does it provide remediation steps?

Yes, it flags issues with severity levels and provides a minimal-change remediation plan along with verification steps to ensure the fix is effective.

Security Misconfiguration Finder

Name: Security Misconfiguration Finder
Author: jeremylongshore

byjeremylongshore

•

983

Seguridad y Pruebas

Audits infrastructure-as-code and application settings to identify and remediate security vulnerabilities and configuration drift.

Acerca de

This skill empowers Claude to perform deep security audits across your codebase, focusing on Infrastructure as Code (IaC) templates like Terraform and CloudFormation, as well as application and system configuration files. By comparing current settings against industry-standard baselines like CIS Benchmarks and OWASP guidelines, it identifies risky defaults, missing controls, and configuration drift. It doesn't just find issues; it provides actionable, minimal-change remediation plans to harden your environment and ensure compliance with security best practices.

Características Principales

Baseline comparison against CIS Benchmarks and OWASP standards
Step-by-step remediation plans and verification instructions
983 GitHub stars
Automated IaC scanning for Terraform and CloudFormation templates
Detailed security findings report with severity ratings
Identification of risky default settings and missing security controls

Casos de Uso

Pre-deployment security audits for cloud infrastructure templates
Ensuring system settings comply with organizational security hardening policies
Validating application configuration files for sensitive data exposure or weak defaults

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills finding-security-misconfigurations

For use in Claude.ai and ChatGPT

Download Skill

GitHub