Where are the security audit results saved?

Findings are compiled into a timestamped Markdown report located in the {baseDir}/security-findings/ directory for easy review.

What files can this skill audit?

It scans Terraform (.tf), CloudFormation (.yaml, .json), application settings (.env, .yml, .json), and system configuration exports for security flaws.

What security standards does it reference?

The skill utilizes industry-standard frameworks including CIS Benchmarks, OWASP Infrastructure as Code Security Cheat Sheet, and Cloud Security Alliance (CSA) best practices.

Does it provide remediation steps?

Yes, it flags issues with severity levels and provides a minimal-change remediation plan along with verification steps to ensure the fix is effective.

Security Misconfiguration Finder

Name: Security Misconfiguration Finder
Author: jeremylongshore

byjeremylongshore

•

983

•

Seguridad y Pruebas

Audits infrastructure-as-code and application settings to identify and remediate security vulnerabilities and configuration drift.

This skill empowers Claude to perform deep security audits across your codebase, focusing on Infrastructure as Code (IaC) templates like Terraform and CloudFormation, as well as application and system configuration files. By comparing current settings against industry-standard baselines like CIS Benchmarks and OWASP guidelines, it identifies risky defaults, missing controls, and configuration drift. It doesn't just find issues; it provides actionable, minimal-change remediation plans to harden your environment and ensure compliance with security best practices.

Características Principales

01Baseline comparison against CIS Benchmarks and OWASP standards

02Step-by-step remediation plans and verification instructions

03983 GitHub stars

04Automated IaC scanning for Terraform and CloudFormation templates

05Detailed security findings report with severity ratings

06Identification of risky default settings and missing security controls

Casos de Uso

01Pre-deployment security audits for cloud infrastructure templates

02Ensuring system settings comply with organizational security hardening policies

03Validating application configuration files for sensitive data exposure or weak defaults

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills finding-security-misconfigurations

For use in Claude.ai and ChatGPT

Download Skill

Características Principales

01Baseline comparison against CIS Benchmarks and OWASP standards

02Step-by-step remediation plans and verification instructions

03983 GitHub stars

04Automated IaC scanning for Terraform and CloudFormation templates

05Detailed security findings report with severity ratings

06Identification of risky default settings and missing security controls

Casos de Uso

01Pre-deployment security audits for cloud infrastructure templates

02Ensuring system settings comply with organizational security hardening policies

03Validating application configuration files for sensitive data exposure or weak defaults

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills finding-security-misconfigurations

For use in Claude.ai and ChatGPT

Download Skill