insecure-defaults

Identifies insecure default configurations and security misconfigurations in code to enhance application security during audits.

Security score: 78/100

The insecure-defaults skill was audited on May 27, 2026 and we found 8 security issues across 3 threat categories, including 1 high-severity. Review the findings below before installing.

Categories Tested

Security Issues

high line 160

Eval function call - arbitrary code execution

Source: SKILL.md
const result = eval(userInput) // Never ever
low line 48

Access to .env file

Source: SKILL.md
const API_KEY = process.env.API_KEY
low line 69

Access to .env file

Source: SKILL.md
secret: process.env.SESSION_SECRET,
low line 104

Access to .env file

Source: SKILL.md
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0' // Disable TLS verification
low line 120

Access to .env file

Source: SKILL.md
if (process.env.NODE_ENV !== 'production') {
low line 130

Access to .env file

Source: SKILL.md
chmod 666 /app/.env
low line 133

Access to .env file

Source: SKILL.md
chmod 600 /app/.env
low line 91

External URL reference

Source: SKILL.md
origin: ['https://app.example.com', 'https://admin.example.com'],
Scanned on May 27, 2026
GitHub Stars 494
Category: development
Updated: June 10, 2026
vibeeval/vibecosystem