web-server-security-reviewer

What problem does it solve?

This Skill helps you conduct a Phase 1 security review of nginx/apache web server configurations without performing risky changes, producing evidence-backed findings and a structured report suitable for compliance-style auditing.

Core Features & Use Cases

• Read-only Phase 1 configuration review: Scans security-critical configuration areas for nginx/apache on Linux using an approved checklist approach.
• Evidence integrity & provenance: Verifies integrity using MANIFEST.txt and manifest_attestation.txt, separating masked outputs from raw evidence storage.
• 9-axis security coverage with role extensions: Produces severity-ranked findings across OS/resources/logging/network/services/authn-monitoring-backup-certs and supports role-specific checks.
• Strict guardrails for safety: Enforces a 6-tier command execution policy (including conditional/exceptional read handling), forbids write/change commands, and records command logs with approvals.

Quick Start

Use the web-server-security-reviewer skill to run a Phase 1 configuration security audit for a target host using a provided target_profile.yaml input contract.