AgentSkill.club - Claude Skills Marketplace Logoagentskill.club

finding-security-misconfigurationsClaude Skill

Configure identify security misconfigurations in infrastructure-as-code, application settings, and system configurations.

1.4k Stars
173 Forks
2025/10/10

Install & Download

Linux / macOS:

请登录后查看安装命令

Windows (PowerShell):

请登录后查看安装命令

Download and extract to ~/.claude/skills/

namefinding-security-misconfigurations
descriptionConfigure identify security misconfigurations in infrastructure-as-code, application settings, and system configurations. Use when you need to audit Terraform/CloudFormation templates, check application config files, validate system security settings, or ensure compliance with security best practices. Trigger with phrases like "find security misconfigurations", "audit infrastructure security", "check config security", or "scan for misconfigured settings".
allowed-toolsRead, Write, Edit, Grep, Glob, Bash(config-scan:*), Bash(iac-check:*)
version1.0.0
authorJeremy Longshore <jeremy@intentsolutions.io>
licenseMIT

Finding Security Misconfigurations

Overview

This skill provides automated assistance for the described functionality.

Prerequisites

Before using this skill, ensure:

  • Configuration files accessible in {baseDir}/ (Terraform, CloudFormation, YAML, JSON)
  • Infrastructure-as-code files (.tf, .yaml, .json, .template)
  • Application configuration files (application.yml, config.json, .env.example)
  • System configuration exports available
  • Write permissions for findings report in {baseDir}/security-findings/

Instructions

  1. Identify the target system/service and gather current configuration.
  2. Compare settings against baseline hardening guidance.
  3. Flag risky defaults, drift, and missing controls with severity.
  4. Provide a minimal-change remediation plan and verification steps.

See {baseDir}/references/implementation.md for detailed implementation guide.

Output

The skill produces:

Primary Output: Security misconfigurations report saved to {baseDir}/security-findings/misconfig-YYYYMMDD.md

Report Structure:

# Security Misconfiguration Findings

## Error Handling

See `{baseDir}/references/errors.md` for comprehensive error handling.

## Examples

See `{baseDir}/references/examples.md` for detailed examples.

## Resources

- CIS Benchmarks: https://www.cisecurity.org/cis-benchmarks/
- OWASP Configuration Guide: https://cheatsheetseries.owasp.org/cheatsheets/Infrastructure_as_Code_Security_Cheatsheet.html
- Cloud Security Alliance: https://cloudsecurityalliance.org/
- tfsec (Terraform): https://github.com/aquasecurity/tfsec
- Checkov (Multi-cloud): https://www.checkov.io/

Similar Claude Skills & Agent Workflows

idapython

5.1k
mrexodia's avatar - Developer of idapython Claude skillmrexodia/ida-pro-mcp
2026/01/18

IDA Pro Python scripting for reverse engineering.

webhook-signature-validator

1.0k
jeremylongshore's avatar - Developer of webhook-signature-validator Claude skilljeremylongshore/claude-code-plugins-plus-skills
2026/01/18

Validate webhook signature validator operations.

bearer-token-validator

1.0k
jeremylongshore's avatar - Developer of bearer-token-validator Claude skilljeremylongshore/claude-code-plugins-plus-skills
2026/01/18

Validate bearer token validator operations.

api-key-auth-setup

1.0k
jeremylongshore's avatar - Developer of api-key-auth-setup Claude skilljeremylongshore/claude-code-plugins-plus-skills
2026/01/18

Configure api key auth setup operations.

iam-binding-creator

1.0k
jeremylongshore's avatar - Developer of iam-binding-creator Claude skilljeremylongshore/claude-code-plugins-plus-skills
2026/01/18

Create iam binding creator operations.

firewall-rule-generator

1.0k
jeremylongshore's avatar - Developer of firewall-rule-generator Claude skilljeremylongshore/claude-code-plugins-plus-skills
2026/01/18

Generate firewall rule generator operations.