Which configuration formats are supported?

The skill supports a wide range of formats including Terraform, CloudFormation, YAML, JSON, and various system-level configuration files.

Does it provide fixes or just identify problems?

It identifies specific security flaws and provides detailed remediation recommendations that you can implement to secure your environment.

Can it detect exposed API keys?

Yes, the skill is designed to scan configuration files for hardcoded secrets, API keys, and other sensitive credentials that should not be in plain text.

Is this skill suitable for DevSecOps workflows?

Absolutely. It is an ideal tool for shifting security left, allowing developers to catch configuration errors during the coding and PR review phases.

Security Misconfiguration Finder

Name: Security Misconfiguration Finder
Author: jeremylongshore

byjeremylongshore

•

883

•

安全与测试

Scans infrastructure-as-code and application settings to identify and remediate security vulnerabilities and compliance gaps.

This skill empowers Claude to proactively detect security weaknesses across your technical stack by analyzing configuration files, system settings, and infrastructure-as-code (IaC) templates. By leveraging specialized plugin logic, it audits environments for insecure defaults, exposed secrets, and non-compliant access controls, providing actionable remediation advice to ensure your deployments adhere to industry security best practices and compliance standards before they reach production.

主要功能

01Automated IaC scanning for Terraform and CloudFormation templates

02Detailed remediation recommendations for all identified vulnerabilities

03Identification of exposed sensitive data such as API keys and credentials

04883 GitHub stars

05Application configuration auditing for insecure defaults and missing headers

06Compliance checking against industry-standard security best practices

使用场景

01Reviewing cloud infrastructure templates for public resource exposure before deployment

02Performing regular security assessments of system-level access control policies

03Auditing application environment files for hardcoded secrets and insecure settings

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills security-misconfiguration-finder

For use in Claude.ai and ChatGPT

Download Skill

主要功能

01Automated IaC scanning for Terraform and CloudFormation templates

02Detailed remediation recommendations for all identified vulnerabilities

03Identification of exposed sensitive data such as API keys and credentials

04883 GitHub stars

05Application configuration auditing for insecure defaults and missing headers

06Compliance checking against industry-standard security best practices

使用场景

01Reviewing cloud infrastructure templates for public resource exposure before deployment

02Performing regular security assessments of system-level access control policies

03Auditing application environment files for hardcoded secrets and insecure settings

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills security-misconfiguration-finder

For use in Claude.ai and ChatGPT

Download Skill