From security-misconfiguration-finder
Identify security misconfigurations in infrastructure-as-code, application settings, and system configurations. Use it when you need to audit Terraform/CloudFormation templates, check application config files, validate system security settings, or ensure compliance with security best practices. Trigger with phrases like "find security misconfigurations", "audit infrastructure security", "check config security", or "scan for misconfigured settings".

```
npx claudepluginhub flight505/skill-forge --plugin security-misconfiguration-finder
```

This skill is limited to using the following tools:
Scan infrastructure-as-code templates, application configuration files, and system settings to detect security misconfigurations mapped to OWASP A05:2021 (Security Misconfiguration) and CIS Benchmarks. Cover cloud resources (AWS, GCP, Azure), container orchestration (Kubernetes, Docker), web servers (Nginx, Apache), and application frameworks.
Inputs (all looked up under ${CLAUDE_SKILL_DIR}/):

- Infrastructure-as-code templates (Terraform .tf, CloudFormation .yaml/.json, Ansible playbooks, Kubernetes manifests)
- Application configuration files (application.yml, config.json, .env.example, web.config)
- Container definitions (Dockerfile, docker-compose.yml, Helm charts)
- Web server configuration (nginx.conf, httpd.conf, .htaccess), if applicable
- Output directory: ${CLAUDE_SKILL_DIR}/security-findings/
- Optional: tfsec, checkov, or trivy config installed for automated pre-scanning

Workflow:

1. Discover: scan ${CLAUDE_SKILL_DIR}/ for IaC templates (.tf, .yaml, .json, .template), application configs, container definitions, and web server configs.
2. Network: flag 0.0.0.0/0 ingress on sensitive ports (22, 3389, 3306, 5432, 27017), missing VPC flow logs, and absent network segmentation.
3. Identity and secrets: flag wildcard (*) permissions in IAM policies, service accounts with admin privileges, missing MFA enforcement, and hardcoded credentials in source (CWE-798).
4. Application: flag wildcard (*) settings, missing CSRF protection, disabled authentication endpoints, and API keys in config files.
5. Containers: flag privileged: true, writable root filesystems, and images without pinned digests.
6. Report: write ${CLAUDE_SKILL_DIR}/security-findings/misconfig-YYYYMMDD.md with per-finding severity, CIS/CWE mapping, affected file and line, remediation code, and verification command.

See ${CLAUDE_SKILL_DIR}/references/implementation.md for the full six-section implementation guide covering IaC, application, and system checks.
Output: ${CLAUDE_SKILL_DIR}/security-findings/misconfig-YYYYMMDD.md with all misconfigurations categorized by severity.

Error handling:

| Error | Cause | Solution |
|---|---|---|
| Syntax error in ${CLAUDE_SKILL_DIR}/terraform/main.tf | Malformed HCL, YAML, or JSON | Validate file syntax first; skip malformed files and note parse errors in report |
| Cannot determine cloud provider from configuration | Missing provider blocks or ambiguous file structure | Look for provider blocks and file naming conventions; fall back to generic security checks |
| Cannot read encrypted configuration | SOPS-encrypted or binary config files | Request decrypted version or exported config; document inability to audit |
| Too many config files (500+) | Large monorepo or multi-service project | Prioritize by file type: IaC first, then app configs, then system configs |
| Flagged configuration is intentional (dev environment) | False positive in non-production context | Support environment-specific exception rules; allow .securityignore overrides |
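The network, identity, and container checks from the workflow above, together with the `.securityignore` override from the error-handling table, as a runnable added example. This is illustrative code written for this page, not the skill's own implementation: the HCL handling is a deliberate regex shortcut over well-formed `ingress` blocks (a real scanner would use tfsec, checkov, or trivy as the page suggests), the Kubernetes check is line-based rather than a YAML parse, the `<check-id> <path>` ignore-file format is an assumption, and all three sample configs are constructed for the demo.

```python
from __future__ import annotations
import json
import re
from dataclasses import dataclass

# Ports the page lists as sensitive when reachable from 0.0.0.0/0.
SENSITIVE_PORTS = {22, 3389, 3306, 5432, 27017}
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2}


@dataclass(frozen=True)
class Finding:
    check: str      # stable rule id; also the key used by ignore rules
    severity: str
    location: str   # "file:line" or "file:Statement[i]"
    detail: str


# --- Terraform: aws_security_group ingress open to the world on a sensitive port ---
_INGRESS_RE = re.compile(r"ingress\s*\{(.*?)\}", re.S)   # regex shortcut, not an HCL parser


def _hcl_int(block: str, name: str):
    m = re.search(rf"\b{name}\s*=\s*(\d+)", block)
    return int(m.group(1)) if m else None


def _hcl_list(block: str, name: str) -> list:
    m = re.search(rf"\b{name}\s*=\s*\[(.*?)\]", block, re.S)
    return re.findall(r'"([^"]+)"', m.group(1)) if m else []


def check_tf_security_groups(hcl: str, path: str) -> list:
    findings = []
    for m in _INGRESS_RE.finditer(hcl):
        block = m.group(1)
        line = hcl.count("\n", 0, m.start()) + 1
        cidrs = set(_hcl_list(block, "cidr_blocks") + _hcl_list(block, "ipv6_cidr_blocks"))
        world = sorted(cidrs & WORLD_CIDRS)
        if not world:
            continue
        lo, hi = _hcl_int(block, "from_port"), _hcl_int(block, "to_port")
        proto = re.search(r'\bprotocol\s*=\s*"([^"]+)"', block)
        if proto and proto.group(1) == "-1":       # AWS: protocol -1 means every port
            lo, hi = 0, 65535
        if lo is None or hi is None:
            continue
        exposed = sorted(p for p in SENSITIVE_PORTS if lo <= p <= hi)
        if exposed:
            findings.append(Finding("sg-world-ingress", "HIGH", f"{path}:{line}",
                                    f"ports {exposed} reachable from {world}"))
    return findings


# --- IAM: wildcard actions (Action "*" is worse than a service-level "svc:*" on Resource "*") ---
def _as_list(v) -> list:
    if v is None:
        return []
    return list(v) if isinstance(v, list) else [v]   # IAM allows scalar or list; a bare dict is one Statement


def check_iam_policy(policy_json: str, path: str) -> list:
    findings = []
    for i, st in enumerate(_as_list(json.loads(policy_json).get("Statement"))):
        if st.get("Effect") != "Allow":
            continue
        actions, resources = _as_list(st.get("Action")), _as_list(st.get("Resource"))
        where = f"{path}:Statement[{i}]"
        if "*" in actions:
            findings.append(Finding("iam-wildcard-action", "CRITICAL", where, 'Action "*" grants every API call'))
        elif "*" in resources and any(a.endswith(":*") for a in actions):
            wild = [a for a in actions if a.endswith(":*")]
            findings.append(Finding("iam-wildcard-service", "HIGH", where, f'{wild} allowed on Resource "*"'))
    return findings


# --- Kubernetes: privileged containers, explicitly writable rootfs, images not pinned by digest ---
def check_k8s_manifest(text: str, path: str) -> list:
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()          # drop trailing YAML comments
        if re.fullmatch(r"privileged:\s*true", line):
            findings.append(Finding("k8s-privileged", "HIGH", f"{path}:{n}", "container runs privileged"))
        elif re.fullmatch(r"readOnlyRootFilesystem:\s*false", line):
            findings.append(Finding("k8s-writable-rootfs", "MEDIUM", f"{path}:{n}", "root filesystem explicitly writable"))
        m = re.fullmatch(r'(?:-\s*)?image:\s*"?([^"\s]+)"?', line)
        if m and "@sha256:" not in m.group(1):
            findings.append(Finding("k8s-unpinned-image", "MEDIUM", f"{path}:{n}", f"{m.group(1)} is not pinned by digest"))
    return findings


def apply_ignores(findings: list, securityignore: str) -> list:
    """Drop findings matching '<check-id> <path>' lines (assumed .securityignore format)."""
    rules = {tuple(l.split()) for l in securityignore.splitlines() if l.strip() and not l.startswith("#")}
    return [f for f in findings if (f.check, f.location.split(":", 1)[0]) not in rules]


# Constructed sample inputs (not taken from any real project).
SAMPLE_TF = """resource "aws_security_group" "db" {
  name = "db"
  ingress {
    from_port   = 5432
    to_port     = 5432
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"]
  }
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    ipv6_cidr_blocks = ["::/0"]
  }
}
"""
SAMPLE_IAM = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::app-bucket/*"},
  {"Effect": "Allow", "Action": ["iam:*", "ec2:*"], "Resource": "*"},
  {"Effect": "Allow", "Action": "*", "Resource": "*"}
]}"""
SAMPLE_K8S = """apiVersion: v1
kind: Pod
metadata:
  name: api
spec:
  containers:
  - name: api
    image: registry.example/api:1.4.2
    securityContext:
      privileged: true
      readOnlyRootFilesystem: false
  - name: proxy
    image: registry.example/proxy@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
"""
SAMPLE_IGNORE = "# dev cluster runs a privileged debug pod on purpose\nk8s-privileged pod.yaml\n"


def scan_samples(securityignore: str = "") -> list:
    findings = (check_tf_security_groups(SAMPLE_TF, "main.tf")
                + check_iam_policy(SAMPLE_IAM, "policy.json")
                + check_k8s_manifest(SAMPLE_K8S, "pod.yaml"))
    findings = apply_ignores(findings, securityignore)
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.location))


if __name__ == "__main__":
    for f in scan_samples(SAMPLE_IGNORE):
        print(f"[{f.severity}] {f.check} {f.location}: {f.detail}")
```

Run without an ignore file the samples yield seven findings (one CRITICAL, four HIGH, two MEDIUM); with `SAMPLE_IGNORE` the intentional privileged pod is suppressed while the same pod's unpinned image and writable root filesystem still surface. Note that `readOnlyRootFilesystem` defaults to false when absent, so the line-based check only catches the explicit setting; detecting the absent case needs a structural parse of each container's `securityContext`.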
Example prompt: "Scan ${CLAUDE_SKILL_DIR}/ for overly permissive security groups and IAM wildcard policies."

References:

- ${CLAUDE_SKILL_DIR}/references/errors.md -- full error handling reference
- ${CLAUDE_SKILL_DIR}/references/examples.md -- additional usage examples