From security-misconfiguration-finder
Audits IaC templates (Terraform/CloudFormation), app configs, Docker/Kubernetes manifests, and web server settings for security misconfigurations per OWASP and CIS benchmarks.
How this skill is triggered — by the user, by Claude, or both
Slash command
/security-misconfiguration-finder:finding-security-misconfigurationsThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Scan infrastructure-as-code templates, application configuration files, and system settings to detect security misconfigurations mapped to OWASP A05:2021 (Security Misconfiguration) and CIS Benchmarks. Cover cloud resources (AWS, GCP, Azure), container orchestration (Kubernetes, Docker), web servers (Nginx, Apache), and application frameworks.
Scan infrastructure-as-code templates, application configuration files, and system settings to detect security misconfigurations mapped to OWASP A05:2021 (Security Misconfiguration) and CIS Benchmarks. Cover cloud resources (AWS, GCP, Azure), container orchestration (Kubernetes, Docker), web servers (Nginx, Apache), and application frameworks.
${CLAUDE_SKILL_DIR}/ (Terraform .tf, CloudFormation .yaml/.json, Ansible playbooks, Kubernetes manifests)application.yml, config.json, .env.example, web.config)Dockerfile, docker-compose.yml, Helm charts)nginx.conf, httpd.conf, .htaccess) if applicable${CLAUDE_SKILL_DIR}/security-findings/tfsec, checkov, or trivy config installed for automated pre-scanning${CLAUDE_SKILL_DIR}/ for IaC templates (.tf, .yaml, .json, .template), application configs, container definitions, and web server configs.0.0.0.0/0 ingress on sensitive ports (22, 3389, 3306, 5432, 27017), missing VPC flow logs, and absent network segmentation.*) permissions in IAM policies, service accounts with admin privileges, missing MFA enforcement, and hardcoded credentials in source (CWE-798).*), missing CSRF protection, disabled authentication endpoints, and API keys in config files.privileged: true, writable root filesystems, and images without pinned digests.${CLAUDE_SKILL_DIR}/security-findings/misconfig-YYYYMMDD.md with per-finding severity, CIS/CWE mapping, affected file and line, remediation code, and verification command.See ${CLAUDE_SKILL_DIR}/references/implementation.md for the full six-section implementation guide covering IaC, application, and system checks.
${CLAUDE_SKILL_DIR}/security-findings/misconfig-YYYYMMDD.md with all misconfigurations categorized by severity| Error | Cause | Solution |
|---|---|---|
Syntax error in ${CLAUDE_SKILL_DIR}/terraform/main.tf | Malformed HCL, YAML, or JSON | Validate file syntax first; skip malformed files and note parse errors in report |
| Cannot determine cloud provider from configuration | Missing provider blocks or ambiguous file structure | Look for provider blocks and file naming conventions; fall back to generic security checks |
| Cannot read encrypted configuration | SOPS-encrypted or binary config files | Request decrypted version or exported config; document inability to audit |
| Too many config files (500+) | Large monorepo or multi-service project | Prioritize by file type: IaC first, then app configs, then system configs |
| Flagged configuration is intentional (dev environment) | False positive in non-production context | Support environment-specific exception rules; allow .securityignore overrides |
${CLAUDE_SKILL_DIR}/ for overly permissive security groups and IAM wildcard policies."${CLAUDE_SKILL_DIR}/references/errors.md -- full error handling reference${CLAUDE_SKILL_DIR}/references/examples.md -- additional usage examples9plugins reuse this skill
First indexed Jul 10, 2026
Showing the 6 earliest of 9 plugins
npx claudepluginhub fleet-to-force/claude-code-plugins-plus --plugin security-misconfiguration-finderScans Terraform, CloudFormation, Kubernetes, Docker, application configs, and web servers for security misconfigurations mapped to OWASP and CIS benchmarks.
Audits AWS/Azure/GCP cloud security, hardens containers and Kubernetes, and scans Infrastructure as Code (Terraform, CloudFormation). Reports against CIS Benchmarks, SOC2, PCI-DSS, and HIPAA.
Scans configuration files, Dockerfiles, Kubernetes manifests, and Terraform for security misconfigurations like secrets exposure, privileged containers, and permissive IAM policies.