
Insecure Defaults

Skill · Active

Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.

Purpose

To help developers and security auditors automatically detect and report on insecure default configurations that could lead to security breaches.

Capabilities

  • Detects hardcoded secrets and weak credentials
  • Identifies fail-open security vulnerabilities
  • Distinguishes critical vulnerabilities from safe patterns
  • Analyzes configuration files and environment variable handling

Use cases

  • Auditing security of production applications
  • Reviewing configuration management and IaC templates
  • Code review for secrets management
  • Pre-deployment security checks

Non-goals

  • Analyzing test fixtures or development-only tools
  • Auditing example/template files
  • Verifying build-time configuration replaced during deployment
  • Reporting on fail-secure patterns that crash safely

Trust

  • Warning (Issues Attention): 13 issues opened and 4 closed in the last 90 days indicate a low closure rate and potentially slow response from maintainers.

Installation

Add the Marketplace first:

/plugin marketplace add trailofbits/skills
/plugin install insecure-defaults@trailofbits

Quality score

75/100
Analyzed 1 day ago

Trust signals

Last commit: 3 days ago
Stars: 5.2k
License: CC-BY-SA-4.0