insecure-defaults

Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.
Install via ClawdBot CLI:
clawdbot install atlas-secint/insecure-defaults

Grade: Fair — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Generated Mar 1, 2026
Auditing a microservices-based SaaS application for insecure defaults in environment variable handling and configuration files. This scenario involves reviewing Dockerfiles, Kubernetes manifests, and application code to detect hardcoded secrets or weak authentication fallbacks that could be exploited if production configurations are missing.
Conducting a security assessment for a banking or fintech application to ensure compliance with regulations like PCI-DSS or GDPR. The skill helps identify fail-open vulnerabilities in authentication mechanisms, cryptographic implementations, and API security defaults that could lead to data breaches or unauthorized access.
Reviewing a healthcare app's configuration management before deployment to production environments. This scenario focuses on detecting insecure defaults in environment variables for patient data encryption, API keys for third-party integrations, and debug settings that might expose sensitive health information if left enabled.
Performing a pre-deployment security scan on an e-commerce platform to find weak defaults in payment processing modules, user authentication flows, and CORS settings. The goal is to prevent vulnerabilities like hardcoded API keys or permissive access controls that could be exploited during high-traffic sales events.
Offering specialized audits and penetration testing services to clients, using this skill to identify and report insecure defaults in their applications. Revenue is generated through project-based fees or retainer contracts for ongoing security reviews.
Integrating this skill into CI/CD pipelines as part of a DevSecOps platform, providing automated security scanning for development teams. Revenue comes from subscription-based SaaS pricing or enterprise licensing for the tool.
Assisting organizations in achieving security certifications (e.g., ISO 27001, SOC 2) by using the skill to detect and remediate insecure defaults as part of compliance audits. Revenue is generated through consulting packages and certification preparation services.
💬 Integration Tip
Integrate this skill into CI/CD pipelines by adding automated scans during build or deployment stages to catch insecure defaults early, and ensure it excludes test and example files as specified to reduce false positives.
Scored Apr 15, 2026