Skip to main content

Insecure Defaults

Plugin Active
Part of:Trailofbits

Detects insecure default configurations including hardcoded credentials, fallback secrets, weak authentication defaults, and dangerous values in production

1 Skill 0 MCPs
Purpose

To help developers and security auditors proactively identify and mitigate risks associated with insecure default configurations before they can be exploited.

Features

  • Detects hardcoded fallback secrets
  • Identifies default credentials and weak authentication
  • Flags weak cryptographic defaults
  • Analyzes permissive access control configurations
  • Distinguishes fail-open from fail-secure behaviors

Use Cases

  • Conducting security audits on production applications
  • Reviewing deployment manifests (Docker, Kubernetes, IaC)
  • Performing pre-production checks for security misconfigurations
  • Analyzing environment variable handling for secrets management

Non-Goals

  • Detecting vulnerabilities in test fixtures or example files
  • Analyzing development-only tools or build-time configurations
  • Scanning documentation files for security issues
  • Identifying 'fail-secure' patterns where applications crash safely

Trust

  • warning:Issues Attention13 issues opened, 4 closed in the last 90 days, indicating a low closure rate and potential for slow maintainer response.

Installation

First, add the marketplace

/plugin marketplace add trailofbits/skills
/plugin install insecure-defaults@trailofbits

Contains 1 extensions

Skill (1)

Insecure Defaults Skill

Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.

75

Quality Score

85 /100
Analyzed about 13 hours ago

Trust Signals

Last commit3 days ago
GitHub owner trailofbits (opens in new tab)
Stars5.2k
LicenseCC-BY-SA-4.0
Status
View Source

Similar Extensions

Dotforge Stack Python Fastapi

100

Python 3.12+ with FastAPI, async/await, type hints, and Ruff linting rules for Claude Code.

Plugin
luiseiman

Dotforge

100

Node.js 20+ with Express/Fastify, TypeScript, and ESM module rules for Claude Code.

Plugin
luiseiman

C4 Architecture

99

Comprehensive C4 architecture documentation workflow with bottom-up code analysis, component synthesis, container mapping, and context diagram generation

Plugin
wshobson

Dimensional Analysis

99

Annotates codebases with dimensional analysis comments documenting units, dimensions, and decimal scaling. Use when someone asks to annotate units in a codebase, perform a dimensional analysis, or find vulnerabilities in a DeFi protocol. Prevents dimensional mismatches and catches formula bugs early.

Plugin
trailofbits

Ruflo Knowledge Graph

99

Knowledge graph construction — entity extraction, relation mapping, and pathfinder graph traversal

Plugin
ruvnet

Credential Guard

98

Protect secrets and credentials from Claude Code. Blocks writes to .env files, detects API keys in shell commands, prevents hardcoded tokens, and guards service account JSON files.

Plugin
yurukusa

© 2025 SkillRepo · Find the right skill, skip the noise.