
finding-security-misconfigurations

This skill enables Claude to identify potential security misconfigurations in various systems and configurations. It leverages the security-misconfiguration-finder plugin to analyze infrastructure-as-code, application configurations, and system settings, pinpointing common vulnerabilities and compliance issues. Use this skill when the user asks to "find security misconfigurations", "check for security vulnerabilities in my configuration", "audit security settings", or requests a security assessment of a specific system or file. This skill will assist in identifying and remediating potential security weaknesses.

Install with Tessl CLI

npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill finding-security-misconfigurations

92

1.01x

Quality

51%

Does it follow best practices?

Impact

100%

1.01x

Average score across 9 eval scenarios

Optimize this skill with Tessl

npx tessl skill review --optimize ./backups/skills-migration-20251108-070147/plugins/security/security-misconfiguration-finder/skills/security-misconfiguration-finder/SKILL.md

Evaluation results

100%

Cloud Infrastructure Security Audit

Terraform IaC security findings with risk-prioritized remediation

| Criteria | Without context | With context |
| --- | --- | --- |
| Target specified | 100% | 100% |
| Public S3 bucket flagged | 100% | 100% |
| Public RDS flagged | 100% | 100% |
| Open security group flagged | 100% | 100% |
| Hardcoded credentials flagged | 100% | 100% |
| Overly broad IAM flagged | 100% | 100% |
| Unencrypted storage flagged | 100% | 100% |
| Remediation per finding | 100% | 100% |
| Risk/severity classification | 100% | 100% |
| High-risk items ranked first | 100% | 100% |

Without context: $0.3498 · 3m 42s · 11 turns · 12 in / 7,596 out tokens

With context: $0.4740 · 4m 51s · 23 turns · 56 in / 7,716 out tokens

100%

Production Readiness: Application Security Configuration Review

Application config audit: exposed secrets and disabled security features

| Criteria | Without context | With context |
| --- | --- | --- |
| Live API keys flagged | 100% | 100% |
| Database credentials flagged | 100% | 100% |
| SSL/HTTPS disabled flagged | 100% | 100% |
| CSRF disabled flagged | 100% | 100% |
| Debug/stack traces in prod flagged | 100% | 100% |
| Permissive CORS flagged | 100% | 100% |
| Insecure session config flagged | 100% | 100% |
| Management endpoints exposed flagged | 100% | 100% |
| Remediation per finding | 100% | 100% |
| Risk priority ordering | 100% | 100% |

Without context: $0.2537 · 3m 19s · 8 turns · 9 in / 5,499 out tokens

With context: $0.4551 · 4m 36s · 18 turns · 51 in / 7,818 out tokens

100%

3%

Security-First Deployment Pipeline for a New Microservice

Pre-deployment IaC security gate and recurring audit planning

| Criteria | Without context | With context |
| --- | --- | --- |
| IaC target identified | 100% | 100% |
| Patient data bucket exposure | 100% | 100% |
| Hardcoded secrets in IaC | 100% | 100% |
| IaC findings with remediation | 100% | 100% |
| IaC findings risk-prioritized | 62% | 100% |
| Pre-deployment security gate | 100% | 100% |
| Recurring audit schedule | 100% | 100% |
| Multi-type config coverage | 100% | 100% |
| Audit logging disabled flagged | 100% | 100% |
| Open security group flagged | 100% | 100% |

Without context: $0.3309 · 3m 23s · 12 turns · 15 in / 7,388 out tokens

With context: $0.6436 · 6m 12s · 23 turns · 22 in / 11,809 out tokens

100%

Linux Server Security Compliance Review

System settings compliance: SSH and password policy audit

| Criteria | Without context | With context |
| --- | --- | --- |
| Target files named | 100% | 100% |
| PermitRootLogin flagged | 100% | 100% |
| PermitEmptyPasswords flagged | 100% | 100% |
| PasswordAuthentication risk noted | 100% | 100% |
| MaxAuthTries too high | 100% | 100% |
| Idle session timeout missing | 100% | 100% |
| Weak password minimum length | 100% | 100% |
| No password expiry policy | 100% | 100% |
| X11/TCP forwarding risk | 100% | 100% |
| Remediation per finding | 100% | 100% |
| Risk severity ordering | 100% | 100% |

Without context: $0.2474 · 2m 16s · 8 turns · 9 in / 5,221 out tokens

With context: $0.4768 · 5m 22s · 22 turns · 103 in / 7,407 out tokens

100%

Nginx Web Server Security Review

Web server security headers and nginx misconfiguration audit

| Criteria | Without context | With context |
| --- | --- | --- |
| Target config named | 100% | 100% |
| HTTP without HTTPS redirect | 100% | 100% |
| HSTS header missing | 100% | 100% |
| X-Frame-Options missing | 100% | 100% |
| X-Content-Type-Options missing | 100% | 100% |
| server_tokens on flagged | 100% | 100% |
| Weak TLS protocols flagged | 100% | 100% |
| Insecure SSL cipher flagged | 100% | 100% |
| stub_status exposed | 100% | 100% |
| autoindex enabled flagged | 100% | 100% |
| Remediation per finding | 100% | 100% |
| Risk severity ordering | 100% | 100% |

Without context: $0.2128 · 2m 9s · 8 turns · 9 in / 4,840 out tokens

With context: $0.4553 · 4m 23s · 20 turns · 414 in / 7,113 out tokens

100%

Docker Deployment Security Assessment

Docker environment audit with formal security report

| Criteria | Without context | With context |
| --- | --- | --- |
| Target files named | 100% | 100% |
| Hardcoded secrets flagged | 100% | 100% |
| DISABLE_AUTH flagged | 100% | 100% |
| Privileged container flagged | 100% | 100% |
| Docker socket mount flagged | 100% | 100% |
| Root filesystem mount flagged | 100% | 100% |
| Database/Redis exposed externally | 100% | 100% |
| Debug port exposed | 100% | 100% |
| Severity classification | 100% | 100% |
| Remediation per finding | 100% | 100% |

Without context: $0.2612 · 1m 47s · 9 turns · 10 in / 5,472 out tokens

With context: $0.4022 · 3m 57s · 16 turns · 410 in / 7,619 out tokens

100%

Kubernetes Cluster Onboarding Security Review

Kubernetes workload security misconfiguration audit

| Criteria | Without context | With context |
| --- | --- | --- |
| Target files named | 100% | 100% |
| Privileged container flagged | 100% | 100% |
| Running as root flagged | 100% | 100% |
| hostNetwork flagged | 100% | 100% |
| hostPID flagged | 100% | 100% |
| Hardcoded secrets in env vars flagged | 100% | 100% |
| allowPrivilegeEscalation flagged | 100% | 100% |
| No resource limits flagged | 100% | 100% |
| Service type LoadBalancer/NodePort risk | 100% | 100% |
| Remediation per finding | 100% | 100% |
| Risk severity ordering | 100% | 100% |

Without context: $0.2443 · 2m 9s · 11 turns · 11 in / 4,853 out tokens

With context: $0.4855 · 5m 3s · 21 turns · 103 in / 7,728 out tokens

100%

CI/CD Pipeline Security Assessment

CI/CD pipeline security misconfiguration audit

| Criteria | Without context | With context |
| --- | --- | --- |
| Target files named | 100% | 100% |
| Hardcoded secrets flagged | 100% | 100% |
| Overly permissive token permissions flagged | 100% | 100% |
| pull_request_target with checkout flagged | 100% | 100% |
| Script injection via untrusted input flagged | 100% | 100% |
| Unpinned third-party actions flagged | 100% | 100% |
| Secrets printed to logs flagged | 100% | 100% |
| Remediation per finding | 100% | 100% |
| Risk severity ordering | 100% | 100% |
| Self-hosted runner risk noted | 100% | 100% |

Without context: $0.2003 · 2m 19s · 11 turns · 53 in / 4,125 out tokens

With context: $0.4614 · 5m · 22 turns · 134 in / 7,883 out tokens

100%

Database Server Compliance Review

Database server security configuration audit

| Criteria | Without context | With context |
| --- | --- | --- |
| Target files named | 100% | 100% |
| Network bind address flagged | 100% | 100% |
| Unrestricted client authentication flagged | 100% | 100% |
| No SSL/TLS for connections flagged | 100% | 100% |
| General query logging flagged | 100% | 100% |
| Local file read privilege flagged | 100% | 100% |
| Weak or absent password policy flagged | 100% | 100% |
| Superuser remote login flagged | 100% | 100% |
| Remediation per finding | 100% | 100% |
| Risk severity ordering | 100% | 100% |

Without context: $0.4209 · 4m 36s · 21 turns · 20 in / 7,377 out tokens

With context: $0.4649 · 5m 21s · 21 turns · 21 in / 7,132 out tokens

Evaluated

Agent: Claude Code
Model: Claude Sonnet 4.6
