Insecure Defaults

Skill Active

Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.

Purpose

To help developers and security auditors automatically detect and report on insecure default configurations that could lead to security breaches.

Features

Detects hardcoded secrets and weak credentials
Identifies fail-open security vulnerabilities
Distinguishes critical vulnerabilities from safe patterns
Analyzes configuration files and environment variable handling

Use Cases

Auditing security of production applications
Reviewing configuration management and IaC templates
Code review for secrets management
Pre-deployment security checks

Non-Goals

Analyzing test fixtures or development-only tools
Auditing example/template files
Verifying build-time configuration replaced during deployment
Reporting on fail-secure patterns that crash safely

Trust

warning:Issues Attention13 issues opened and 4 closed in the last 90 days indicate a low closure rate and potential slow response from maintainers.

Installation

First, add the marketplace

/plugin marketplace add trailofbits/skills

/plugin install insecure-defaults@trailofbits

Quality Score

75 /100

Analyzed about 13 hours ago

Trust Signals

Last commit3 days ago

GitHub owner trailofbits

Stars5.2k

LicenseCC-BY-SA-4.0

Status

View Source

Similar Extensions

Janitor Usage

100

Show which skills you use and which you never use

Skill

khendzel

Setup Tailwind Typescript

100

Configure Tailwind CSS with TypeScript in a Next.js or React project. Covers installation, configuration, custom theme extensions, component patterns, and type-safe styling utilities. Use when adding Tailwind CSS to an existing TypeScript project, customizing the Tailwind theme for a project's design system, setting up type-safe component styling patterns, or configuring Tailwind plugins and extensions.

Skill

pjt222

Setup

100

Use first for install/update routing — sends setup, doctor, or MCP requests to the correct OMC setup flow

Skill

Yeachan-Heo

Mcp Setup

100

Configure popular MCP servers for enhanced agent capabilities

Skill

Yeachan-Heo

Running Claude Code Via Litellm Copilot

100

Use when routing Claude Code through a local LiteLLM proxy to GitHub Copilot, reducing direct Anthropic spend, configuring ANTHROPIC_BASE_URL or ANTHROPIC_MODEL overrides, or troubleshooting Copilot proxy setup failures such as model-not-found, no localhost traffic, or GitHub 401/403 auth errors.

Skill

xixu-me

Sync Setup

100

Use when the user wants to set up config sync for the first time, connect to GitHub, or re-initialize the backup repo.

Skill

rohithzr