Which frameworks are supported by this skill?

It supports a wide range of frameworks including Terraform, CloudFormation, Kubernetes, ARM, Serverless, and Helm.

What tools does the IaC Scanner skill use?

It wraps tfsec for Terraform-specific scans and Checkov for multi-cloud and multi-framework IaC security audits.

Do I need to install tfsec or Checkov locally?

Yes, the skill requires these tools to be installed on your system (via brew, pip, or go) to execute the underlying scans.

Can I export the scan results?

Yes, the skill supports a --json flag to provide structured output suitable for programmatic processing or integration into other tools.

How do I trigger an infrastructure scan in Claude?

Simply ask Claude to 'scan Terraform', 'run IaC security', or use specific tool names like 'tfsec' or 'checkov' within your project directory.

IaC Security Scanner

Name: IaC Security Scanner
Author: naporin0624

bynaporin0624

0•

Security & Testing

Scans Infrastructure as Code (IaC) templates for security misconfigurations and compliance issues using industry-standard tools like tfsec and Checkov.

The IaC Scanner skill empowers Claude to perform automated security audits on cloud infrastructure configurations directly within your development workflow. By wrapping powerful engines like tfsec and Checkov, it identifies critical vulnerabilities such as unencrypted storage, overly permissive IAM policies, and exposed network ports across frameworks like Terraform, Kubernetes, and CloudFormation. This skill is essential for developers and DevOps engineers who want to maintain a secure-by-default posture, offering detailed reports with severity levels and actionable remediation steps to fix infrastructure flaws before they reach production.

Key Features

01Automated security scanning for Terraform, Kubernetes, and CloudFormation

02Detection of hardcoded secrets and credential leaks in config files

03Dual-engine support utilizing both tfsec and Checkov

04Support for multi-cloud environments including AWS, Azure, and GCP

050 GitHub stars

06Detailed vulnerability reporting with severity levels and remediation advice

Use Cases

01Identifying overly permissive IAM policies and open security groups

02Ensuring Kubernetes manifests follow security best practices

03Pre-deployment security audits of Terraform configurations

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add naporin0624/claude-web-audit-plugins iac-scanner

For use in Claude.ai and ChatGPT

Download Skill