[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension-skill-jwynia-config-scan-zh-CN":3,"guides-for-jwynia-config-scan":224,"similar-k1791m270vs77gz05mrvs3w3v1866mme":225},{"_creationTime":4,"_id":5,"children":6,"community":7,"display":9,"evaluation":22,"identity":190,"isFallback":195,"parentExtension":196,"providers":197,"relations":201,"repo":203,"workflow":221},1778053622473.673,"k1791m270vs77gz05mrvs3w3v1866mme",[],{"reviewCount":8},0,{"description":10,"installMethods":11,"name":12,"sourceUrl":13,"tags":14},"Detect security misconfigurations in config files, Docker, and IaC. Use when reviewing configuration security for containers, Kubernetes, Terraform, or application settings.",{},"Config Scan","https://github.com/jwynia/agent-skills/tree/HEAD/skills/tech/security/config-scan",[15,16,17,18,19,20,21],"security","configuration","docker","kubernetes","terraform","iac","compliance",{"_creationTime":23,"_id":24,"extensionId":5,"locale":25,"result":26,"trustSignals":178,"workflow":188},1778054012697.0583,"kn7egvs9kf4v58qwngbzjn3gbn867bzd","en",{"checks":27,"evaluatedAt":168,"extensionSummary":169,"promptVersionExtension":170,"promptVersionScoring":171,"rationale":172,"score":173,"summary":174,"tags":175,"targetMarket":176,"tier":177},[28,33,36,39,43,46,50,54,57,60,64,69,72,76,79,82,85,88,91,94,97,101,105,109,114,117,120,123,127,130,133,136,139,142,146,149,152,155,158,161,165],{"category":29,"check":30,"severity":31,"summary":32},"Practical Utility","Problem relevance","pass","The description clearly names the user problem of detecting security misconfigurations in various configuration files and IaC.",{"category":29,"check":34,"severity":31,"summary":35},"Unique selling proposition","The skill implements specific detection patterns and rules for various configuration types, offering value beyond a generic security scan.",{"category":29,"check":37,"severity":31,"summary":38},"Production readiness","The skill provides comprehensive checks for environment files, Docker, Kubernetes, IaC, and application configurations, covering a complete lifecycle of security review.",{"category":40,"check":41,"severity":31,"summary":42},"Scope","Single responsibility principle","The skill focuses on security misconfigurations within configuration files and IaC, adhering to a single, well-defined domain.",{"category":40,"check":44,"severity":31,"summary":45},"Description quality","The displayed description is concise, accurate, and directly reflects the skill's capabilities.",{"category":47,"check":48,"severity":31,"summary":49},"Invocation","Scoped tools","The skill uses narrow verb-noun tools like `--docker`, `--k8s`, `--terraform`, etc., which are specific and easy for an agent to select.",{"category":51,"check":52,"severity":31,"summary":53},"Documentation","Configuration & parameter reference","Configuration options like ignore rules, scan profiles, and thresholds are clearly documented.",{"category":40,"check":55,"severity":31,"summary":56},"Tool naming","Tool names like `--docker`, `--k8s`, and `--terraform` are descriptive and adhere to the domain.",{"category":40,"check":58,"severity":31,"summary":59},"Minimal I/O surface","The skill's output format is structured and clearly defines findings, while inputs are controlled via flags.",{"category":61,"check":62,"severity":31,"summary":63},"License","License usability","The license is MIT, a permissive open-source license, clearly indicated in the SKILL.md and README.md.",{"category":65,"check":66,"severity":67,"summary":68},"Maintenance","Commit recency","not_applicable","No commit date is available for the default branch, making it impossible to assess recency.",{"category":65,"check":70,"severity":67,"summary":71},"Dependency Management","No third-party dependencies are explicitly declared or used in the provided files.",{"category":73,"check":74,"severity":31,"summary":75},"Security","Secret Management","The skill's purpose is to detect secrets in configuration files, implying it does not handle or expose secrets itself.",{"category":73,"check":77,"severity":31,"summary":78},"Injection","The skill primarily uses pattern matching on local files and does not appear to load or execute untrusted third-party data.",{"category":73,"check":80,"severity":31,"summary":81},"Transitive Supply-Chain Grenades","The skill operates on local files and does not fetch remote content or execute arbitrary code, mitigating supply-chain risks.",{"category":73,"check":83,"severity":31,"summary":84},"Sandbox Isolation","The skill's operations appear to be limited to scanning local files, without attempting to modify external paths.",{"category":73,"check":86,"severity":31,"summary":87},"Sandbox escape primitives","No evidence of detached-process spawns or retry loops around denied tool calls was found.",{"category":73,"check":89,"severity":31,"summary":90},"Data Exfiltration","The skill's function is to scan local files for security issues and does not appear to exfiltrate data.",{"category":73,"check":92,"severity":31,"summary":93},"Hidden Text Tricks","Bundled content appears free of hidden-steering tricks, with clean printable ASCII and expected Unicode.",{"category":73,"check":95,"severity":31,"summary":96},"Opaque code execution","The skill's logic appears to be plain text with clear detection patterns, not obfuscated code.",{"category":98,"check":99,"severity":31,"summary":100},"Portability","Structural Assumption","The skill makes reasonable assumptions about file naming conventions and provides clear error messages if expected files are absent.",{"category":102,"check":103,"severity":67,"summary":104},"Trust","Issues Attention","No issues data is available to assess maintainer engagement.",{"category":106,"check":107,"severity":31,"summary":108},"Versioning","Release Management","A version ('1.0') is declared in the SKILL.md frontmatter.",{"category":110,"check":111,"severity":112,"summary":113},"Code Execution","Validation","info","While the skill uses pattern matching, it does not explicitly use a schema library for validation of inputs like file paths or commands.",{"category":73,"check":115,"severity":31,"summary":116},"Unguarded Destructive Operations","The skill is purely analytical and does not perform any destructive operations.",{"category":110,"check":118,"severity":31,"summary":119},"Error Handling","The skill's output format and detection patterns suggest structured error reporting rather than silent failures or opaque error messages.",{"category":110,"check":121,"severity":67,"summary":122},"Logging","The skill is purely analytical and does not perform destructive actions or outbound calls that would require local logging.",{"category":124,"check":125,"severity":31,"summary":126},"Compliance","GDPR","The skill scans local configuration files and does not process personal data.",{"category":124,"check":128,"severity":31,"summary":129},"Target market","The skill scans configuration files and IaC which are generally global in nature, with no specific regional logic detected. Target market set to global.",{"category":98,"check":131,"severity":31,"summary":132},"Runtime stability","The skill's logic appears to be plain text and relies on standard file operations, making it portable across POSIX-like environments.",{"category":47,"check":134,"severity":31,"summary":135},"Precise Purpose","The description clearly states the artifact (config files, Docker, IaC) and the task (detect security misconfigurations) and provides usage examples.",{"category":47,"check":137,"severity":31,"summary":138},"Concise Frontmatter","The frontmatter is concise and effectively summarizes the core capability and usage.",{"category":51,"check":140,"severity":31,"summary":141},"Concise Body","The SKILL.md body is well-structured with clear sections and reasonable length.",{"category":143,"check":144,"severity":31,"summary":145},"Context","Progressive Disclosure","Detailed detection patterns and remediation examples are provided within the SKILL.md, with configuration options documented clearly.",{"category":143,"check":147,"severity":67,"summary":148},"Forked exploration","The skill performs direct file scanning and analysis, not deep exploration requiring a forked context.",{"category":29,"check":150,"severity":31,"summary":151},"Usage examples","The skill provides clear quick start examples for various scanning targets and includes detailed remediation examples.",{"category":29,"check":153,"severity":31,"summary":154},"Edge cases","The skill documents specific files to scan, and lists potential issues with severity and descriptions, implying handling of variations.",{"category":110,"check":156,"severity":67,"summary":157},"Tool Fallback","The skill does not appear to rely on external tools like MCP, making fallbacks not applicable.",{"category":98,"check":159,"severity":31,"summary":160},"Stack assumptions","The skill's logic relies on common file operations and pattern matching, making it portable across POSIX environments without specific stack assumptions.",{"category":162,"check":163,"severity":31,"summary":164},"Safety","Halt on unexpected state","The skill's focus on analysis and clear output format implies it would halt or report clearly on unexpected states rather than proceed destructively.",{"category":98,"check":166,"severity":31,"summary":167},"Cross-skill coupling","The skill is self-contained and its related skills are clearly listed as external references, not implicit dependencies.",1778053954296,"This skill analyzes various configuration files, including environment variables, Dockerfiles, Kubernetes manifests, Terraform code, and application configuration files, to identify common security misconfigurations. It provides detailed output on detected issues, their severity, and suggests remediation steps, along with configuration options for ignoring specific rules or files.","2.0.0","3.4.0","The skill is well-documented, focused, and provides significant value in detecting security misconfigurations. It adheres to best practices for scope, security, and portability, with clear usage examples and output. Minor points were noted on the lack of explicit schema validation for inputs.",95,"A comprehensive security scanning tool for configuration files, Docker, and Infrastructure as Code.",[15,16,17,18,19,20,21],"global","verified",{"codeQuality":179,"collectedAt":180,"documentation":181,"maintenance":183,"security":184,"testCoverage":187},{},1778053938516,{"descriptionLength":182,"readmeSize":8},173,{},{"hasNpmPackage":185,"license":186,"smitheryVerified":185},false,"MIT",{"hasCi":185,"hasTests":185},{"updatedAt":189},1778054012696,{"githubOwner":191,"githubRepo":192,"locale":25,"slug":193,"type":194},"jwynia","agent-skills","config-scan","skill",true,null,{"extract":198,"llm":200},{"commitSha":199,"license":186},"e02ec7e226a6e4f8419fd3b88a1d8e472d421b32",{"promptVersionExtension":170,"promptVersionScoring":171,"score":173,"targetMarket":176,"tier":177},{"repoId":202},"kd7efn3mprpa8rd8vm5hw5ebzx864fph",{"_creationTime":204,"_id":202,"identity":205,"providers":207,"workflow":218},1777995558409.897,{"githubOwner":191,"githubRepo":192,"sourceUrl":206},"https://github.com/jwynia/agent-skills",{"discover":208,"github":211},{"sources":209},[210],"skills-sh",{"closedIssues90d":8,"forks":212,"openIssues90d":213,"pushedAt":214,"readmeSize":215,"stars":216,"topics":217},10,2,1771900514000,11924,70,[],{"discoverAt":219,"extractAt":220,"githubAt":220,"updatedAt":220},1777995558409,1778053628601,{"anyEnrichmentAt":222,"extractAt":223,"githubAt":222,"llmAt":189,"updatedAt":189},1778053625386,1778053622473,[],[226,257,280,309],{"_creationTime":227,"_id":228,"community":229,"display":230,"identity":242,"providers":245,"relations":251,"workflow":253},1778054070894.8628,"k17antgkdftwdz7cf6tkh5kq65867wht",{"reviewCount":8},{"description":231,"installMethods":232,"name":233,"sourceUrl":234,"tags":235},"Autonomous AI pentester for web apps and APIs. Run white-box security assessments with Shannon — analyzes source code, identifies attack vectors, and executes real exploits to prove vulnerabilities. Triggered by 'shannon', 'pentest', 'security audit', 'vuln scan'.",{},"Shannon Skill","https://github.com/unicodeveloper/shannon",[15,236,237,238,239,240,241,17],"pentesting","automation","api","web","exploit","owasp",{"githubOwner":243,"githubRepo":244,"locale":25,"slug":244,"type":194},"unicodeveloper","shannon",{"extract":246,"llm":249},{"commitSha":247,"license":248},"6a97124bee816c7cc76c6e17bb2b0fe8c0eae032","AGPL-3.0",{"promptVersionExtension":170,"promptVersionScoring":171,"score":250,"targetMarket":176,"tier":177},98,{"repoId":252},"kd7dk33pc652m4w5wrxaga9qn5865x26",{"anyEnrichmentAt":254,"extractAt":255,"githubAt":254,"llmAt":256,"updatedAt":256},1778054071281,1778054070894,1778054087802,{"_creationTime":258,"_id":259,"community":260,"display":261,"identity":274,"providers":275,"relations":278,"workflow":279},1778053622473.6643,"k17f5hrarp9sdrp97g8sa1e9cn8662nk",{"reviewCount":8},{"description":262,"installMethods":263,"name":264,"sourceUrl":265,"tags":266},"Diagnose devcontainer configuration problems and guide development environment setup. This skill should be used when the user asks to 'set up devcontainer', 'fix container startup', 'configure VS Code dev container', 'Codespaces setup', or has Docker development environment issues. Keywords: devcontainer, docker, VS Code, Codespaces, container, development environment, Dockerfile.",{},"Devcontainer Diagnostic","https://github.com/jwynia/agent-skills/tree/HEAD/skills/tech/development/tooling/devcontainer",[267,17,268,269,270,16,271,272,273],"devcontainer","vscode","codespaces","development-environment","diagnostic","typescript","deno",{"githubOwner":191,"githubRepo":192,"locale":25,"slug":267,"type":194},{"extract":276,"llm":277},{"commitSha":199,"license":186},{"promptVersionExtension":170,"promptVersionScoring":171,"score":250,"targetMarket":176,"tier":177},{"repoId":202},{"anyEnrichmentAt":222,"extractAt":223,"githubAt":222,"llmAt":189,"updatedAt":189},{"_creationTime":281,"_id":282,"community":283,"display":284,"identity":294,"providers":298,"relations":303,"workflow":305},1778054663200.069,"k173s355bcc3mq3jt415tn0a5d866ep3",{"reviewCount":8},{"description":285,"installMethods":286,"name":287,"sourceUrl":288,"tags":289},"Set up environment variables, .env files, and configuration management. Use when configuring environment variables, creating .env files, or managing app configuration.",{},"Environment Setup Wizard","https://github.com/onewave-ai/claude-skills/tree/HEAD/env-setup-wizard",[16,290,291,272,292,293,15],"environment-variables","env-files","zod","next-js",{"githubOwner":295,"githubRepo":296,"locale":25,"slug":297,"type":194},"onewave-ai","claude-skills","env-setup-wizard",{"extract":299,"llm":301},{"commitSha":300,"license":186},"eb3d80be32b6cafcf0d5df1c1b8a95df75838271",{"promptVersionExtension":170,"promptVersionScoring":171,"score":302,"targetMarket":176,"tier":177},96,{"repoId":304},"kd71e43dj0b7ak5e55pyshxp4n864t6p",{"anyEnrichmentAt":306,"extractAt":307,"githubAt":306,"llmAt":308,"updatedAt":308},1778054667983,1778054663200,1778055270278,{"_creationTime":310,"_id":311,"community":312,"display":313,"identity":326,"providers":330,"relations":334,"workflow":336},1778054086261.0852,"k17137wynvh2r2wx4gg87qa4bn86745n",{"reviewCount":8},{"description":314,"installMethods":315,"name":316,"sourceUrl":317,"tags":318},"Comprehensive FastAPI knowledge for building production-ready APIs from basic to planet-scale. Use when building FastAPI applications, implementing REST APIs, setting up database operations with SQLModel, implementing authentication (OAuth2/JWT), deploying to Docker/Kubernetes, or needing guidance on middleware, WebSockets, background tasks, dependency injection, security, scalability, or performance optimization. Triggers include \"FastAPI\", \"build API\", \"REST endpoint\", \"SQLModel\", \"OAuth2\", \"JWT\", \"deploy FastAPI\", \"Docker FastAPI\", \"Kubernetes\", \"API security\", or questions about Python web frameworks.",{},"FastAPI Expert","https://github.com/bilalmk/todo_correct/tree/HEAD/.claude/skills/custom/fastapi-expert",[319,320,238,321,322,323,17,18,324,325],"fastapi","python","web-development","documentation","deployment","sqlmodel","authentication",{"githubOwner":327,"githubRepo":328,"locale":25,"slug":329,"type":194},"bilalmk","todo_correct","fastapi-expert",{"extract":331,"llm":333},{"commitSha":332,"license":186},"8b43aa04bd5c53e3cda46469b953684519a84ea7",{"promptVersionExtension":170,"promptVersionScoring":171,"score":173,"targetMarket":176,"tier":177},{"repoId":335},"kd75ecf652eb91ha327s8bqbex865z6v",{"anyEnrichmentAt":337,"extractAt":338,"githubAt":337,"llmAt":339,"updatedAt":339},1778054086910,1778054086261,1778054163453]