insecure-defaults

What problem does it solve?

This Skill identifies and helps remediate critical security vulnerabilities arising from insecure default configurations in applications, preventing them from running with weak or exposed settings in production.

Core Features & Use Cases

• Detects Fail-Open Vulnerabilities: Pinpoints instances where applications run with default, insecure settings if proper configuration is missing (e.g., weak secrets, disabled authentication).
• Distinguishes Exploitable Defaults: Differentiates between dangerous fail-open patterns and safe fail-secure patterns that cause an application to crash when configuration is absent.
• Use Case: During a security audit, this Skill can scan your codebase and deployment configurations to find hardcoded API keys, default administrative passwords, or overly permissive CORS settings that could be exploited if production configuration is mismanaged.

Quick Start

Scan the project for insecure default configurations and report any findings.