Insecure Defaults
Skill AktivDetects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.
To help developers and security auditors automatically detect and report on insecure default configurations that could lead to security breaches.
Funktionen
- Detects hardcoded secrets and weak credentials
- Identifies fail-open security vulnerabilities
- Distinguishes critical vulnerabilities from safe patterns
- Analyzes configuration files and environment variable handling
Anwendungsfälle
- Auditing security of production applications
- Reviewing configuration management and IaC templates
- Code review for secrets management
- Pre-deployment security checks
Nicht-Ziele
- Analyzing test fixtures or development-only tools
- Auditing example/template files
- Verifying build-time configuration replaced during deployment
- Reporting on fail-secure patterns that crash safely
Trust
- warning:Issues Attention13 issues opened and 4 closed in the last 90 days indicate a low closure rate and potential slow response from maintainers.
Installation
Zuerst Marketplace hinzufügen
/plugin marketplace add trailofbits/skills/plugin install insecure-defaults@trailofbitsQualitätspunktzahl
Vertrauenssignale
Ähnliche Erweiterungen
Janitor Usage
100Zeigt, welche Skills Sie verwenden und welche Sie nie verwenden
Setup Tailwind Typescript
100Configure Tailwind CSS with TypeScript in a Next.js or React project. Covers installation, configuration, custom theme extensions, component patterns, and type-safe styling utilities. Use when adding Tailwind CSS to an existing TypeScript project, customizing the Tailwind theme for a project's design system, setting up type-safe component styling patterns, or configuring Tailwind plugins and extensions.
Setup
100Use first for install/update routing — sends setup, doctor, or MCP requests to the correct OMC setup flow
Mcp Setup
100Configure popular MCP servers for enhanced agent capabilities
Running Claude Code Via Litellm Copilot
100Verwenden Sie dies beim Routing von Claude Code über einen lokalen LiteLLM-Proxy zu GitHub Copilot, um die direkten Anthropic-Ausgaben zu reduzieren, indem Sie ANTHROPIC_BASE_URL- oder ANTHROPIC_MODEL-Overrides konfigurieren oder Fehler bei der Einrichtung des Copilot-Proxys beheben, wie z. B. model-not-found, kein localhost-Traffic oder GitHub 401/403-Authentifizierungsfehler.
Sync Setup
100Wird verwendet, wenn der Benutzer zum ersten Mal die Konfigurationssynchronisierung einrichten, eine Verbindung zu GitHub herstellen oder das Backup-Repository neu initialisieren möchte.