Scans code and config for insecure patterns—exposed API keys, weak auth, permissive permissions—that silently let apps run unsafely in production. Flags each finding with remediation.
Best for: Engineers shipping code without a full security review, or compliance audits catching drift.
Creator's repository · trailofbits/skills
License: CC-BY-SA-4.0