
insecure-defaults

Detects fail-open security vulnerabilities where applications run insecurely with missing or weak default configuration.

SkillJury keeps community verdicts, source metadata, and external repository signals in separate lanes so ranking data never pretends to be a review.

SkillJury verdict: Pending (no approved reviews yet)

Would recommend: Pending (waiting on enough review volume)

Install signal: 2 (weekly or total install activity from catalog data)

0 review requests
Install command
npx skills add https://github.com/trailofbits/skills --skill insecure-defaults
SkillJury does not have enough approved reviews to publish a community verdict yet. Source metadata and repository proof are still available above.
SkillJury Signal Summary

As of May 1, 2026, insecure-defaults has 2 weekly installs, 0 community reviews on SkillJury. Community votes currently stand at 0 upvotes and 0 downvotes. Source: trailofbits/skills. Canonical URL: https://skills.sh/trailofbits/skills/insecure-defaults.

Security audits
Gen Agent Trust Hub: PASS
Socket: PASS
Snyk: FAIL
About this skill
Detects fail-open security vulnerabilities where applications run insecurely with missing or weak default configuration. Finds fail-open vulnerabilities where apps run insecurely with missing configuration. Distinguishes exploitable defaults from fail-secure patterns that crash safely.

Do not use this skill for:

When in doubt: trace the code path to determine if the app runs with the default or crashes.

Follow this workflow for every potential finding:

Determine language, framework, and project conventions. Use this information to further discover things like secret storage locations, secret usage patterns, credentialed third-party integrations, cryptography, and any other relevant configuration. Further use this information to analyze insecure default configurations.

Example: Search for patterns in **/config/, **/auth/, **/database/, and env files:

Tailor search approach based on discovery results.

Source description provided by the upstream listing. Community review signal and install context stay separate from this narrative layer.

Community reviews

Latest reviews

No community reviews yet. Be the first to review.

FAQ
What does insecure-defaults do?

Detects fail-open security vulnerabilities where applications run insecurely with missing or weak default configuration.

Is insecure-defaults good?

insecure-defaults does not have approved reviews yet, so SkillJury cannot publish a community verdict.

Which AI agents support insecure-defaults?

insecure-defaults currently lists compatibility with Skills CLI.

Is insecure-defaults safe to install?

insecure-defaults has been scanned by security audit providers tracked on SkillJury. Check the security audits section on this page for detailed results from Socket.dev and Snyk.

What are alternatives to insecure-defaults?

Skills in the same category include review-management, conversation-memory, coverage, grimoire-aave.

How do I install insecure-defaults?

Run the following command to install insecure-defaults: npx skills add https://github.com/trailofbits/skills --skill insecure-defaults
