nginx-config-linter

Lint, validate, and audit nginx configuration files for syntax errors, security issues, and performance problems.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "nginx-config-linter" with this command: npx skills add charlie-morrison/nginx-config-linter

Nginx Config Linter

Validate and audit nginx configuration files for syntax, security, and performance issues.

Commands

Lint a config file

python3 scripts/nginx-config-linter.py lint /etc/nginx/nginx.conf

Security audit

python3 scripts/nginx-config-linter.py security /etc/nginx/nginx.conf

Performance check

python3 scripts/nginx-config-linter.py performance /etc/nginx/nginx.conf

Full audit (lint + security + performance)

python3 scripts/nginx-config-linter.py audit /etc/nginx/nginx.conf

Scan directory of configs

python3 scripts/nginx-config-linter.py audit /etc/nginx/ --recursive

Options

  • --format text|json|markdown — Output format (default: text)
  • --severity error|warning|info — Minimum severity to report (default: info)
  • --recursive — Scan directories recursively for .conf files
  • --strict — Exit code 1 on any warning or error (CI mode)

What It Checks

Syntax (12 rules)

  • Unmatched braces, missing semicolons
  • Invalid directives in wrong context
  • Duplicate server_name, duplicate location
  • Empty blocks, unreachable locations
  • Invalid listen directives
  • Conflicting try_files

Security (15 rules)

  • Missing security headers (X-Frame-Options, X-Content-Type-Options, CSP, etc.)
  • Server tokens exposed (server_tokens on)
  • Weak SSL/TLS (SSLv3, TLS 1.0/1.1, weak ciphers)
  • Missing HSTS header
  • Directory listing enabled (autoindex on)
  • Missing rate limiting
  • Permissive CORS (*) with credentials
  • Default server block missing
  • Root inside location block

Performance (10 rules)

  • Gzip not enabled or poorly configured
  • Missing keepalive settings
  • Buffer sizes too small/large
  • Missing proxy cache settings
  • No worker_connections tuning
  • Missing client_max_body_size
  • Large timeout values
  • Missing access_log off for static assets

Exit Codes

  • 0: No errors or warnings
  • 1: Errors or warnings found (or --strict with any findings)
  • 2: File not found or parse error

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open Registry RecordOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

S³ Security Audit

Run security audits on codebases using static analysis, dependency scanning, and manual code review patterns. Covers OWASP Top 10, secrets detection, depende...

Registry SourceRecently Updated
2160solomonneas
Security

Skill

Security check for OpenClaw skills. Scan any ClawHub skill for malware, prompt injection, data theft, wallet stealing, and dangerous permissions BEFORE insta...

Registry SourceRecently Updated
1980folvindine
Security

代码沙箱

代码沙箱 - 原创技能。安全执行未验证的AI生成代码,防止恶意代码、系统破坏或意外损害。适用于代码审查、安全验证、AI编程辅助等场景。

Registry SourceRecently Updated
00534422530
Security

Git Security Scanner

Unified security scanner that catches leaked secrets, credentials, and code vulnerabilities before they reach your remote. Wraps gitleaks (400+ secret patter...

Registry SourceRecently Updated
2361Profile unavailable