Does it provide the code to fix the vulnerabilities?

Yes, for every issue found, the skill provides a specific remediation plan including the exact JSON path and configuration snippets needed to fix the problem.

How does the KrakenD Security Auditor work?

It uses a tiered approach: first attempting the native 'krakend audit' command, then falling back to a Docker-based audit, and finally performing manual heuristic checks to identify security risks.

Can this skill audit KrakenD Enterprise configurations?

Yes, it automatically detects Enterprise features and license files to provide edition-specific security recommendations and audit logic.

When should I use this skill?

You should use it before production deployments, after making configuration changes, or when reviewing the security posture of an existing API gateway.

What kind of security issues can it find?

It identifies missing authentication/authorization, exposed debug endpoints, lack of rate limiting (DoS protection), insecure CORS configurations, and missing security headers.

KrakenD Security Auditor

Name: KrakenD Security Auditor
Author: krakend

bykrakend

0•

安全与测试

Performs comprehensive security audits and vulnerability scanning for KrakenD API Gateway configurations to ensure production readiness.

The KrakenD Security Auditor is a specialized skill for Claude Code that identifies security vulnerabilities, authentication gaps, and configuration risks within your KrakenD API Gateway. It employs a sophisticated three-tier approach—utilizing native audit commands, Docker-based analysis, or heuristic fallback checks—to provide a prioritized report of critical, high, and medium-risk issues. Each finding includes the exact JSON path location, clear remediation steps, and ready-to-use configuration snippets to harden your API infrastructure.

主要功能

01Intelligent detection of Flexible Configuration (FC) for both CE and EE editions

02Automated security scanning using native KrakenD audit and Docker fallbacks

03Verification of authentication, rate limiting, CORS, and security headers

040 GitHub stars

05Actionable remediation guidance with specific JSON paths and code snippets

06Categorized issue reporting with severity levels from Critical to Info

使用场景

01Identifying anonymous or unauthenticated endpoints that should be protected

02Auditing existing configurations for security best practices and compliance violations

03Performing pre-production security checklists to ensure API gateways are hardened

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add krakend/claude-code-plugin security-auditor

For use in Claude.ai and ChatGPT

Download Skill