此内容尚未提供您的语言版本,正在以英文显示。

Insecure Defaults

插件活跃

Detects insecure default configurations including hardcoded credentials, fallback secrets, weak authentication defaults, and dangerous values in production

1 个 Skill 0 个 MCP

目的

To help developers and security auditors proactively identify and mitigate risks associated with insecure default configurations before they can be exploited.

功能

Detects hardcoded fallback secrets
Identifies default credentials and weak authentication
Flags weak cryptographic defaults
Analyzes permissive access control configurations
Distinguishes fail-open from fail-secure behaviors

使用场景

Conducting security audits on production applications
Reviewing deployment manifests (Docker, Kubernetes, IaC)
Performing pre-production checks for security misconfigurations
Analyzing environment variable handling for secrets management

非目标

Detecting vulnerabilities in test fixtures or example files
Analyzing development-only tools or build-time configurations
Scanning documentation files for security issues
Identifying 'fail-secure' patterns where applications crash safely

Trust

warning:Issues Attention13 issues opened, 4 closed in the last 90 days, indicating a low closure rate and potential for slow maintainer response.

安装

请先添加 Marketplace

/plugin marketplace add trailofbits/skills

/plugin install insecure-defaults@trailofbits

包含 1 个扩展

Skill (1)

Insecure Defaults 技能

Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.

质量评分

85 /100

1 day ago 分析

信任信号

最近提交3 days ago

GitHub 所有者 trailofbits

星标5.2k

许可证CC-BY-SA-4.0

状态

查看源代码

类似扩展

Dotforge Stack Python Fastapi

100

Python 3.12+ with FastAPI, async/await, type hints, and Ruff linting rules for Claude Code.

插件

luiseiman

Dotforge

100

Node.js 20+ with Express/Fastify, TypeScript, and ESM module rules for Claude Code.

插件

luiseiman

C4 Architecture

Comprehensive C4 architecture documentation workflow with bottom-up code analysis, component synthesis, container mapping, and context diagram generation

插件

wshobson

Dimensional Analysis

Annotates codebases with dimensional analysis comments documenting units, dimensions, and decimal scaling. Use when someone asks to annotate units in a codebase, perform a dimensional analysis, or find vulnerabilities in a DeFi protocol. Prevents dimensional mismatches and catches formula bugs early.

插件

trailofbits

Ruflo Knowledge Graph

Knowledge graph construction — entity extraction, relation mapping, and pathfinder graph traversal

插件

ruvnet

Credential Guard

保护 Claude Code 中的密钥和凭证。阻止写入 .env 文件，检测 shell 命令中的 API 密钥，防止硬编码的令牌，并保护服务帐户 JSON 文件。

插件

yurukusa