What file types can this skill analyze?

It can scan various configuration formats including YAML, Terraform (HCL), CloudFormation, JSON, and standard system configuration files.

Can I use this for cloud infrastructure?

Yes, it is specifically designed to audit cloud templates like Terraform and CloudFormation to ensure resources aren't accidentally exposed to the public internet.

Does it automatically fix the vulnerabilities?

While it primarily identifies issues, Claude can use the skill's findings to suggest or apply code edits to remediate the misconfigurations upon your approval.

Is it suitable for CI/CD pipelines?

Absolutely. You can use this skill within your development environment to catch security regressions before code is merged or deployed to production.

Security Misconfiguration Finder

Name: Security Misconfiguration Finder
Author: jeremylongshore

byjeremylongshore

•

883

•

セキュリティとテスト

Detects and remediates security vulnerabilities within infrastructure-as-code and application configuration files.

This skill empowers Claude to perform proactive security audits by scanning system settings, application configurations, and infrastructure-as-code templates (like Terraform or CloudFormation) for common misconfigurations. It identifies risks such as exposed API keys, insecure network settings, and non-compliant access controls, providing actionable recommendations to strengthen your security posture throughout the development lifecycle. By catching these issues early, developers can prevent potential exploits and ensure compliance with industry best practices.

主な機能

01Actionable remediation recommendations

02Infrastructure-as-Code (IaC) vulnerability scanning

03System settings compliance verification

04Application configuration audit for insecure defaults

05883 GitHub stars

06Detection of exposed secrets and API keys

ユースケース

01Auditing Terraform or CloudFormation files before deployment to prevent public resource exposure.

02Verifying system password policies and access control lists against security best practices.

03Reviewing application YAML or property files for missing security headers or enabled debug modes.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills security-misconfiguration-finder

For use in Claude.ai and ChatGPT

Download Skill

主な機能

01Actionable remediation recommendations

02Infrastructure-as-Code (IaC) vulnerability scanning

03System settings compliance verification

04Application configuration audit for insecure defaults

05883 GitHub stars

06Detection of exposed secrets and API keys

ユースケース

01Auditing Terraform or CloudFormation files before deployment to prevent public resource exposure.

02Verifying system password policies and access control lists against security best practices.

03Reviewing application YAML or property files for missing security headers or enabled debug modes.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills security-misconfiguration-finder

For use in Claude.ai and ChatGPT

Download Skill