Can I use this for pre-deployment checks?

Absolutely. This skill is designed to catch security gaps early in the development lifecycle before configurations are deployed to production.

How does this help with compliance?

By auditing your settings against security best practices and predefined rules, it ensures your infrastructure and applications meet high security standards.

What types of files can this skill analyze?

It can analyze infrastructure-as-code files like Terraform and CloudFormation, as well as application configuration files such as .yml, .json, or .env.

Does it provide solutions for the found issues?

Yes, Claude will identify specific misconfigurations and provide actionable remediation recommendations to help you fix the vulnerabilities.

Security Misconfiguration Finder

Name: Security Misconfiguration Finder
Author: jeremylongshore

byjeremylongshore

•

883

•

セキュリティとテスト

Identifies and remediates security vulnerabilities in infrastructure-as-code, application settings, and system configurations.

The Security Misconfiguration Finder skill empowers Claude to proactively detect security weaknesses across various environments, including Terraform, CloudFormation, and application config files. By leveraging specialized plugins, it audits infrastructure settings, identifies insecure defaults, and flags potential vulnerabilities before they can be exploited. This skill is essential for developers and security engineers who need to perform automated audits, ensure compliance with best practices, and secure their deployment pipelines through early detection of risks like exposed API keys or overly permissive network settings.

主な機能

01Infrastructure-as-Code (IaC) analysis for Terraform and CloudFormation

02Application configuration auditing for insecure defaults and missing headers

03883 GitHub stars

04Actionable remediation recommendations for identified vulnerabilities

05Real-time detection of exposed secrets, API keys, and sensitive data

06Compliance checking against industry security best practices

ユースケース

01Auditing Terraform or CloudFormation files for publicly accessible cloud resources

02Scanning application.yml or .env files for security gaps and exposed credentials

03Performing pre-deployment security assessments of system configurations

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills skill-adapter

For use in Claude.ai and ChatGPT

Download Skill