Does it provide the code to fix the vulnerabilities?

Yes, for every issue found, the skill provides a specific remediation plan including the exact JSON path and configuration snippets needed to fix the problem.

How does the KrakenD Security Auditor work?

It uses a tiered approach: first attempting the native 'krakend audit' command, then falling back to a Docker-based audit, and finally performing manual heuristic checks to identify security risks.

Can this skill audit KrakenD Enterprise configurations?

Yes, it automatically detects Enterprise features and license files to provide edition-specific security recommendations and audit logic.

When should I use this skill?

You should use it before production deployments, after making configuration changes, or when reviewing the security posture of an existing API gateway.

What kind of security issues can it find?

It identifies missing authentication/authorization, exposed debug endpoints, lack of rate limiting (DoS protection), insecure CORS configurations, and missing security headers.

KrakenD Security Auditor

Name: KrakenD Security Auditor
Author: krakend

bykrakend

Security & Testing

Performs comprehensive security audits and vulnerability scanning for KrakenD API Gateway configurations to ensure production readiness.

About

The KrakenD Security Auditor is a specialized skill for Claude Code that identifies security vulnerabilities, authentication gaps, and configuration risks within your KrakenD API Gateway. It employs a sophisticated three-tier approach—utilizing native audit commands, Docker-based analysis, or heuristic fallback checks—to provide a prioritized report of critical, high, and medium-risk issues. Each finding includes the exact JSON path location, clear remediation steps, and ready-to-use configuration snippets to harden your API infrastructure.

Key Features

Intelligent detection of Flexible Configuration (FC) for both CE and EE editions
Automated security scanning using native KrakenD audit and Docker fallbacks
Verification of authentication, rate limiting, CORS, and security headers
0 GitHub stars
Actionable remediation guidance with specific JSON paths and code snippets
Categorized issue reporting with severity levels from Critical to Info

Use Cases

Identifying anonymous or unauthenticated endpoints that should be protected
Auditing existing configurations for security best practices and compliance violations
Performing pre-production security checklists to ensure API gateways are hardened

About

Key Features

Intelligent detection of Flexible Configuration (FC) for both CE and EE editions
Automated security scanning using native KrakenD audit and Docker fallbacks
Verification of authentication, rate limiting, CORS, and security headers
0 GitHub stars
Actionable remediation guidance with specific JSON paths and code snippets
Categorized issue reporting with severity levels from Critical to Info

Use Cases

Identifying anonymous or unauthenticated endpoints that should be protected
Auditing existing configurations for security best practices and compliance violations
Performing pre-production security checklists to ensure API gateways are hardened