
insecure-defaults

security


Setup & Installation

npx skills add https://github.com/trailofbits/insecure-defaults --skill insecure-defaults
or paste the link and ask your coding assistant to install it
https://github.com/trailofbits/insecure-defaults

What This Skill Does

Detects fail-open security vulnerabilities where applications run insecurely due to missing or weak configuration. Focuses on distinguishing exploitable defaults (app runs with a weak secret) from fail-secure patterns (app crashes without proper config). Covers hardcoded credentials, weak crypto, permissive access controls, and debug features left enabled. Manual code review misses fail-open patterns because the code looks correct at a glance — this skill traces the actual runtime path to confirm whether a missing env var causes a crash or silently falls back to a weak default.
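To make the fail-open versus fail-secure distinction concrete, here is an added example (not code from the skill's repository) that puts a config loader with a silent weak fallback beside one that refuses to start, traces the runtime path for each, and runs a small static scan over constructed source lines for the same pattern. The variable name APP_SECRET, the placeholder value WEAK_DEFAULT, the 32-character minimum, the regexes and the sample source are all assumptions chosen for illustration.

```python
import re
from typing import Callable, Dict, List, Tuple

# Hypothetical placeholder secret (constructed for this example, not from the page).
WEAK_DEFAULT = "changeme"
MIN_SECRET_LEN = 32  # assumed policy threshold for this example


class MissingConfigError(RuntimeError):
    """Raised when required security configuration is absent or too weak."""


def load_secret_fail_open(env: Dict[str, str]) -> str:
    """Exploitable default: a missing APP_SECRET silently becomes a known value.
    This is the pattern the skill flags; the code looks fine at a glance."""
    return env.get("APP_SECRET", WEAK_DEFAULT)


def load_secret_fail_secure(env: Dict[str, str]) -> str:
    """Fail-secure: a missing, placeholder or short APP_SECRET aborts startup."""
    value = env.get("APP_SECRET")
    if not value:
        raise MissingConfigError("APP_SECRET must be set")
    if value == WEAK_DEFAULT or len(value) < MIN_SECRET_LEN:
        raise MissingConfigError("APP_SECRET is a known placeholder or too short")
    return value


def classify(loader: Callable[[Dict[str, str]], str], env: Dict[str, str]) -> str:
    """Trace the runtime path the skill describes: does the loader crash
    ('fail-secure'), silently run with a weak value ('fail-open'), or end up
    with a real secret ('configured')?"""
    try:
        value = loader(env)
    except MissingConfigError:
        return "fail-secure"
    if value == WEAK_DEFAULT or len(value) < MIN_SECRET_LEN:
        return "fail-open"
    return "configured"


# Static-scan side: flag os.environ.get / os.getenv calls whose fallback is a
# string literal and whose variable name looks like a credential.
FALLBACK_RE = re.compile(
    r'''(?:os\.environ\.get|os\.getenv)\(\s*['"]([A-Za-z0-9_]+)['"]\s*,\s*['"]([^'"]*)['"]\s*\)'''
)
SECRET_NAME_RE = re.compile(r"SECRET|KEY|PASSWORD|PASSWD|TOKEN", re.IGNORECASE)


def find_fail_open_fallbacks(source: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, var_name, fallback) for credential-like env lookups
    that fall back to a literal instead of failing."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for match in FALLBACK_RE.finditer(line):
            name, fallback = match.group(1), match.group(2)
            if SECRET_NAME_RE.search(name):
                findings.append((line_no, name, fallback))
    return findings


# Constructed sample source, not taken from any real project.
SAMPLE_SOURCE = """\
import os
SECRET_KEY = os.environ.get("SECRET_KEY", "dev")
DEBUG = os.getenv("DEBUG", "false")
DB_PASSWORD = os.getenv("DB_PASSWORD", "")
API_TOKEN = os.environ["API_TOKEN"]
"""

if __name__ == "__main__":
    print("fail-open loader, no env:   ", classify(load_secret_fail_open, {}))
    print("fail-secure loader, no env: ", classify(load_secret_fail_secure, {}))
    for line_no, name, fallback in find_fail_open_fallbacks(SAMPLE_SOURCE):
        print(f"line {line_no}: {name} falls back to {fallback!r}")
```

The runtime trace is what settles the question: both loaders read the same variable, but only `classify` run against an empty environment shows which one crashes and which one quietly serves with `changeme`. The static scan is a cheap triage pass; it deliberately ignores `os.environ["API_TOKEN"]`, which raises `KeyError` and is therefore already fail-secure, and it does not flag the `DEBUG` default because the name is not credential-like.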

When to use it

  • Reviewing code whose security settings fall back to defaults when configuration is missing
  • Implementing features that read secrets, crypto settings, access controls, or debug flags from configuration
  • Debugging issues caused by insecure defaults