OpenCode Skills.
← Catalog

No. 044 · security

Insecure Defaults

Detect hardcoded secrets and default credentials

Version 1.0.0 License MIT Format SKILL.md

Find insecure default configurations: hardcoded secrets, default credentials, weak crypto algorithms, permissive CORS, and debug modes left enabled in production.

When to use this skill

  • Scanning for hardcoded secrets
  • Checking for default credentials
  • Auditing CORS configuration

Core concepts

This skill provides guidance on insecure defaults best practices, patterns, and common pitfalls. It is designed to be loaded on demand when a relevant task is detected.

Installation

curl -LO https://opencode-skills.example/downloads/security/insecure-defaults.zip
unzip insecure-defaults.zip -d ~/.config/opencode/skills/

Restart OpenCode — the skill loads automatically.

When it triggers

  • scanning for hardcoded secrets
  • checking for default credentials
  • auditing CORS configuration