Is it suitable for production environment audits?

While it is excellent for pre-deployment checks, it can also be used to audit existing configuration files and system settings to find drift from security best practices.

What file formats can this skill analyze?

The skill can analyze a wide variety of configuration formats including Terraform (.tf), CloudFormation, YAML, JSON, and standard system configuration files.

Does it provide instructions on how to fix the issues?

Yes, Claude will present the identified misconfigurations along with specific, actionable recommendations for remediation.

Can this skill find exposed API keys?

Yes, it is designed to scan configuration files for sensitive data such as hardcoded API keys, exposed secrets, and insecure credential storage.

Security Misconfiguration Finder

Name: Security Misconfiguration Finder
Author: jeremylongshore

byjeremylongshore

•

884

Security & Testing

Identifies and remediates security vulnerabilities within infrastructure-as-code deployments and application configuration files.

About

This skill empowers Claude to proactively detect security misconfigurations across a wide range of environments, from cloud infrastructure templates to local application settings. By leveraging specialized scanning logic, it analyzes files like Terraform configurations, Kubernetes manifests, and YAML application defaults to pinpoint risks such as publicly accessible resources, disabled security headers, or exposed credentials. It is an essential tool for developers and DevOps engineers looking to automate security auditing and ensure their systems remain compliant with industry best practices before deployment.

Key Features

Automated scanning of Infrastructure-as-Code (IaC) files
Identification of exposed secrets and API keys in settings
Actionable remediation guidance for every identified vulnerability
Detection of insecure defaults in application configurations
Compliance auditing for system access controls and password policies
884 GitHub stars

Use Cases

Auditing Terraform or CloudFormation files for public S3 buckets and open security groups
Scanning application.yml or web.config files for disabled encryption or security features
Reviewing system environment variables and settings for compliance with security standards

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add jeremylongshore/claude-code-plugins-plus-skills security-misconfiguration-finder

For use in Claude.ai and ChatGPT

Download Skill

GitHub