Skill

finding-security-misconfigurations

Audits IaC templates (Terraform/CloudFormation), app configs, Docker/Kubernetes manifests, and web server settings for security misconfigurations per OWASP and CIS benchmarks.

Terraform

AWS

npx claudepluginhub jeremylongshore/claude-code-plugins-plus-skills --plugin security-misconfiguration-finder

Tool Access

This skill is limited to using the following tools:

ReadWriteEditGrepGlobBash(config-scan:*)Bash(iac-check:*)

Preview

Scan infrastructure-as-code templates, application configuration files, and system settings to detect security misconfigurations mapped to OWASP A05:2021 (Security Misconfiguration) and CIS Benchmarks. Cover cloud resources (AWS, GCP, Azure), container orchestration (Kubernetes, Docker), web servers (Nginx, Apache), and application frameworks.

Supporting Assets

assets/README.mdreferences/README.mdreferences/errors.mdreferences/examples.mdreferences/implementation.mdscripts/README.md

SKILL.md

Similar Skills

config-scan

Detects security misconfigurations in .env files, Dockerfiles, docker-compose, Kubernetes manifests, Terraform, and application configs. Use for reviewing container, IaC, and config security.

jwynia-agent-skills-1

Cloud-Native Security

Identifies cloud-native security vulnerabilities including IMDS/SSRF exploitation, IAM misconfigurations, Kubernetes issues, serverless attack vectors, and cloud provider risks during code reviews, IaC audits, and pentesting.

vuln-scout

iac-checkov

108

Scans Infrastructure as Code for security misconfigurations and compliance violations using Checkov, supporting Terraform, CloudFormation, Kubernetes, Dockerfiles, and ARM templates.

8 files

threatmodel-skills

Stats

Parent Repo Stars1853

Parent Repo Forks248

Last CommitApr 3, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Finding Security Misconfigurations

Overview

Prerequisites

Infrastructure-as-code files accessible in ${CLAUDE_SKILL_DIR}/ (Terraform .tf, CloudFormation .yaml/.json, Ansible playbooks, Kubernetes manifests)
Application configuration files available (application.yml, config.json, .env.example, web.config)
Container definitions (Dockerfile, docker-compose.yml, Helm charts)
Web server configs (nginx.conf, httpd.conf, .htaccess) if applicable
Write permissions for findings output in ${CLAUDE_SKILL_DIR}/security-findings/
Optional: tfsec, checkov, or trivy config installed for automated pre-scanning

Instructions

Discover all configuration files by scanning ${CLAUDE_SKILL_DIR}/ for IaC templates (.tf, .yaml, .json, .template), application configs, container definitions, and web server configs.
Cloud storage: check for publicly accessible S3 buckets, unencrypted storage accounts, missing versioning, and overly permissive bucket policies (CIS AWS 2.1.1, 2.1.2).
Network security: flag security groups allowing 0.0.0.0/0 ingress on sensitive ports (22, 3389, 3306, 5432, 27017), missing VPC flow logs, and absent network segmentation.
IAM and access: detect wildcard (*) permissions in IAM policies, service accounts with admin privileges, missing MFA enforcement, and hardcoded credentials in source (CWE-798).
Compute resources: identify EC2/VM instances with unnecessary public IPs, unencrypted volumes, missing IMDSv2 enforcement, and outdated base images.
Database security: flag publicly accessible RDS/Cloud SQL instances, missing encryption at rest, disabled automated backups, default ports exposed without IP restrictions.
Application config: detect debug mode enabled in production, default credentials, CORS wildcard (*), missing CSRF protection, disabled authentication endpoints, and API keys in config files.
Container security: check for containers running as root, missing resource limits, privileged: true, writable root filesystems, and images without pinned digests.
Classify each finding: Critical (immediate exploitation risk), High (significant security impact), Medium (configuration weakness), Low (best practice violation).
Generate findings report at ${CLAUDE_SKILL_DIR}/security-findings/misconfig-YYYYMMDD.md with per-finding severity, CIS/CWE mapping, affected file and line, remediation code, and verification command.

See ${CLAUDE_SKILL_DIR}/references/implementation.md for the full six-section implementation guide covering IaC, application, and system checks.

Output

Findings Report: ${CLAUDE_SKILL_DIR}/security-findings/misconfig-YYYYMMDD.md with all misconfigurations categorized by severity
Remediation Plan: minimal-change fixes with before/after config snippets and verification commands
Compliance Mapping: each finding linked to CIS Benchmark, OWASP, or CWE reference
Summary Dashboard: finding counts by severity and category

Error Handling

Error	Cause	Solution
Syntax error in `${CLAUDE_SKILL_DIR}/terraform/main.tf`	Malformed HCL, YAML, or JSON	Validate file syntax first; skip malformed files and note parse errors in report
Cannot determine cloud provider from configuration	Missing provider blocks or ambiguous file structure	Look for provider blocks and file naming conventions; fall back to generic security checks
Cannot read encrypted configuration	SOPS-encrypted or binary config files	Request decrypted version or exported config; document inability to audit
Too many config files (500+)	Large monorepo or multi-service project	Prioritize by file type: IaC first, then app configs, then system configs
Flagged configuration is intentional (dev environment)	False positive in non-production context	Support environment-specific exception rules; allow `.securityignore` overrides

Examples

"Scan Terraform files in ${CLAUDE_SKILL_DIR}/ for overly permissive security groups and IAM wildcard policies."
"Review Kubernetes manifests for insecure defaults: privileged containers, missing resource limits, and root execution."
"Audit the Nginx and application configs for debug mode, information disclosure, and missing security headers."

Resources

CIS Benchmarks: https://www.cisecurity.org/cis-benchmarks/
OWASP IaC Security Cheatsheet: https://cheatsheetseries.owasp.org/cheatsheets/Infrastructure_as_Code_Security_Cheatsheet.html
OWASP A05:2021 Security Misconfiguration: https://owasp.org/Top10/A05_2021-Security_Misconfiguration/
tfsec (Terraform scanner): https://github.com/aquasecurity/tfsec
Checkov (multi-cloud IaC scanner): https://www.checkov.io/
CWE-16 Configuration: https://cwe.mitre.org/data/definitions/16.html
${CLAUDE_SKILL_DIR}/references/errors.md -- full error handling reference
${CLAUDE_SKILL_DIR}/references/examples.md -- additional usage examples
https://intentsolutions.io