finding-security-misconfigurations
SKILL.md
Finding Security Misconfigurations
Overview
This skill provides automated assistance for the described functionality.
Prerequisites
Before using this skill, ensure:
- Configuration files accessible in {baseDir}/ (Terraform, CloudFormation, YAML, JSON)
- Infrastructure-as-code files (.tf, .yaml, .json, .template)
- Application configuration files (application.yml, config.json, .env.example)
- System configuration exports available
- Write permissions for findings report in {baseDir}/security-findings/
Instructions
- Identify the target system/service and gather current configuration.
- Compare settings against baseline hardening guidance.
- Flag risky defaults, drift, and missing controls with severity.
- Provide a minimal-change remediation plan and verification steps.
See {baseDir}/references/implementation.md for detailed implementation guide.
Output
The skill produces:
Primary Output: Security misconfigurations report saved to {baseDir}/security-findings/misconfig-YYYYMMDD.md
Report Structure:
# Security Misconfiguration Findings
## Error Handling
See `{baseDir}/references/errors.md` for comprehensive error handling.
## Examples
See `{baseDir}/references/examples.md` for detailed examples.
## Resources
- CIS Benchmarks: https://www.cisecurity.org/cis-benchmarks/
- OWASP Configuration Guide: https://cheatsheetseries.owasp.org/cheatsheets/Infrastructure_as_Code_Security_Cheatsheet.html
- Cloud Security Alliance: https://cloudsecurityalliance.org/
- tfsec (Terraform): https://github.com/aquasecurity/tfsec
- Checkov (Multi-cloud): https://www.checkov.io/
Weekly Installs
16
Repository
jeremylongshore…s-skillsGitHub Stars
1.6K
First Seen
Feb 1, 2026
Security Audits
Installed on
opencode15
claude-code15
codex15
mcpjam14
openhands14
zencoder14