home/categories/security/trailofbits-skills-plugins-insecure-defaults-skills-insecure-defaults-skill-md
securitytesting-security
insecure-defaults
Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.
maintainer
trailofbits
Updated 1/28/2026
Stars
4466
Forks
385
quick start
Installation and usage
Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.
Installation
$ install --globalskills.sh
Usage
Once installed, you can use this skill by running the following command in your terminal:
skills use insecure-defaults