Skills

finding-security-misconfigurations

Installation
SKILL.md

Finding Security Misconfigurations

Overview

Scan infrastructure-as-code templates, application configuration files, and system settings to detect security misconfigurations mapped to OWASP A05:2021 (Security Misconfiguration) and CIS Benchmarks. Cover cloud resources (AWS, GCP, Azure), container orchestration (Kubernetes, Docker), web servers (Nginx, Apache), and application frameworks.

Prerequisites

  • Infrastructure-as-code files accessible in ${CLAUDE_SKILL_DIR}/ (Terraform .tf, CloudFormation .yaml/.json, Ansible playbooks, Kubernetes manifests)
  • Application configuration files available (application.yml, config.json, .env.example, web.config)
  • Container definitions (Dockerfile, docker-compose.yml, Helm charts)
  • Web server configs (nginx.conf, httpd.conf, .htaccess) if applicable
  • Write permissions for findings output in ${CLAUDE_SKILL_DIR}/security-findings/
  • Optional: tfsec, checkov, or trivy config installed for automated pre-scanning

Instructions

Installs
1
Repository
jeremylongshore…ins-plus
GitHub Stars
2.2K
First Seen
Apr 4, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykFail
finding-security-misconfigurations — jeremylongshore/claude-code-plugins-plus