Insecure Defaults

84/100
Skill
by Trail of Bits@trailofbits
CC-BY-SA-4.0

Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.

Reviewed on v2026-05-16 - latest is v0.3.1. Scores may not reflect the current version.

Review Scores

Security31/35Maintain.29/35Usability24/30
Security31/35
Maintain.29/35
Usability24/30
Evidence:
high
Reviewed May 27, 2026
Drifted

Reviewed Version

2026-05-16

Latest Version

0.3.1(drift)

Freshness

Reviewed on 2026-05-16; latest is 0.3.1.

Scores reflect the version reviewed and may change with updates.

Security Audit - No Flags Reported

Audited May 27, 2026
Source is the public Trail of Bits skills repository. Curated entry preserves original SKILL.md content and avoids automatic tool execution during install.

Overview

When to Use

When NOT to Use

Setup

npx cldkit install insecure-defaults

Troubleshooting

More by Trail of Bits