Skip to main content
Run any Skill in Manus
with one click

iac-misconfiguration

Stars2
Forks1
UpdatedJuly 9, 2026 at 12:42

SAST detection methodology for Infrastructure-as-Code misconfiguration (CWE-1188, CWE-732, CWE-16), covering public buckets, 0.0.0.0/0 security groups, wildcard IAM, unencrypted storage/RDS, IMDSv1, publicly exposed databases, disabled logging, and Kubernetes/Helm/Dockerfile issues (privileged containers, hostPath/hostNetwork, runAsRoot, missing NetworkPolicy, broad RBAC, plaintext secrets, root/latest images, baked secrets, ADD remote URLs). Use when reviewing *.tf, CloudFormation/k8s YAML, Dockerfile, or Helm charts. Writes confirmed findings to findings/36-iac-misconfiguration.md.

Installation

Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.

SKILL.md
readonly