The config-scan skill catches the configuration mistakes that slip through code review and come back to haunt you in production. It scans Dockerfiles for root users and copied secrets, checks Kubernetes manifests for privileged containers and missing resource limits, audits Terraform for public S3 buckets and overly permissive IAM policies, and flags debug modes left on in application config. The severity ratings are sensible (committed .env files are CRITICAL, unpinned Docker tags are MEDIUM), and it includes actual remediation examples instead of just complaining. Run it before deployment or wire it into CI to fail builds on high-severity findings. The ignore rules let you suppress false positives without disabling entire categories.
npx skills add https://github.com/jwynia/agent-skills --skill config-scan