review-kics

Community

Triages KICS IaC findings safely and efficiently.

Author: chrismcmacken
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This Skill helps security and DevOps teams triage Infrastructure as Code findings from KICS scans by providing a structured workflow that distinguishes reconnaissance from vulnerabilities and ensures safe, read-only verification of potential misconfigurations.

Core Features & Use Cases

  • Automated finding extraction: Leverages the provided scripts to count, summarize, and identify resource identifiers from KICS results.
  • Safe verification workflow: Enforces read-only checks and automatic verification so findings can be assessed without altering infrastructure.
  • Reportable triage: Produces a concise, validated set of KICS exposures with evidence-ready steps for remediation planning.
  • Use Case: A security team reviews KICS output for an org's repositories to identify publicly exposed resources and misconfigurations before deployment.

Quick Start

Run the built-in workflow to review KICS findings:

  1. Extract overall findings: ./scripts/extract-kics-findings.sh <org-name>
  2. Extract resource identifiers: ./scripts/extract-kics-findings.sh <org-name> resources
  3. Automatically verify and triage findings using the standard workflow described in this Skill.

Dependency Matrix

Required Modules

None required

Components

scripts

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: review-kics
Download link: https://github.com/chrismcmacken/bounty-hunter/archive/main.zip#review-kics

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.