Skills / Engineering / Insecure Defaults Detector

Insecure Defaults Detector

Detect fail-open insecure defaults — hardcoded secrets, weak auth, and overly permissive security settings — that let an app run insecurely in production. Audits config management and environment variable handling.

Many breaches trace back to a setting that fails open: a default admin password, debug mode left on, auth disabled when a flag is missing. This skill audits config and env-var handling to find defaults that silently weaken security in production.

security configuration secrets devsecops audit

When to use

Use when auditing application security, reviewing configuration management, or analyzing how environment variables and feature flags are handled before a production release.

Examples

Audit config defaults

Find fail-open settings before release

Audit this app's config and env handling for insecure defaults that fail open in production

Check secret handling

Flag hardcoded credentials

Scan for hardcoded secrets and weak default auth settings in this service
Added to wishlist