I built an open-source skill for AI coding agents (Claude Code, Cursor, Windsurf, etc.) that
scans your infrastructure configs for security issues, explains them in plain language, and
offers to fix them.
AlbertHeinle•2h ago
One-liner install:
Then type /misconfiguration-detection in your agent.
It wraps CoGuard (https://coguard.io) and scans Terraform, Kubernetes, Helm, Docker, CloudFormation, cloud configs (AWS/Azure/GCP), databases, web servers, CI/CD pipelines, and more. Results come back with severity ratings, file paths, line numbers, and specific fixes.
The interesting angle: developers are generating more infrastructure code with AI agents than ever, but there's no security review step built into that workflow. This plugs that gap; your agent writes the Terraform, then immediately checks whether it's actually secure.
It also supports compliance frameworks (SOC2, HIPAA, STIG) if you're in audit season.
Repo: https://github.com/coguardio/misconfiguration-detection-skil...
Video demo: https://www.youtube.com/watch?v=851QsRDuoS4
Free to use. MIT licensed. Happy to answer questions about the approach.