Static security analysis for code, auditing for OWASP Top 10 risks.

Triggers: "security audit", "is this secure", "check for vulnerabilities".

Capabilities:
- Static analysis of code snippets.
- Mapping findings to OWASP Top 10 (2021).
- Providing remediation code patterns.
Install via the SkillsCat registry:

`npx skillscat add navanithans/agent-skill-kit/ask-owasp-security-review`
SKILL.md
OWASP Security Review Protocol
- ❌ NO code execution or dynamic analysis.
- ❌ NO false positives. Only report with evidence.
- ✅ MUST map findings to OWASP Top 10.
- ✅ MUST provide Severity, Location, and Remediation.
- Context Analysis: Identify language/framework. Trace data flow (Source → Sink).
- Vulnerability Scan:
  - Check input validation (Injection, Broken Access).
  - Check for hardcoded secrets (Cryptographic Failures).
  - Check logging (Logging Failures).
- Report Generation: Format findings in Markdown Table. If none, state "No immediate risks found".
- : Run validation script. Ensure no errors.
- Remediation: Provide corrected code for Critical/High issues.
- A01 Broken Access: IDOR, path traversal.
- A02 Crypto Failures: Weak keys/algos.
- A03 Injection: SQLi, XSS, Command Injection.
- A04 Insecure Design: No rate limiting.
- A05 Misconfig: Default creds, verbose errors.
- A06 Vulnerable Components: Old libs.
- A07 Auth Failures: Weak passwords.
- A08 Integrity: Insecure deserialization.
- A09 Logging: Missing/PII logs.
- A10 SSRF: Unvalidated URLs.
Security Audit Results
| Vuln | OWASP | Sev | Loc | Desc | Fix |
|---|---|---|---|---|---|
| Name | Cat | High | File:10 | Issue | Fix |
Summary
[Risk assessment]
See assets/examples.md.
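As an added example, not part of the skill or the SkillsCat repository, the following Python script applies two of the checklist rules above, hardcoded secrets (A02) and SQL string concatenation (A03), to a constructed snippet and renders the findings in the Markdown table of the output template, with File:line evidence for each row. The regex rules, the Finding fields and the sample snippet are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Constructed sample snippet under review (not from the page); it deliberately
# contains one credential literal and one string-built SQL statement.
SAMPLE = """\
import sqlite3
API_KEY = "sk_live_1234567890abcdef"
def get_user(db, user_id):
    cur = db.cursor()
    cur.execute("SELECT * FROM users WHERE id = " + user_id)
    return cur.fetchone()
"""

@dataclass
class Finding:
    vuln: str
    owasp: str
    severity: str
    location: str
    desc: str
    fix: str

# Each rule: (pattern, vuln name, OWASP category, severity, description, remediation).
RULES = [
    (re.compile(r'^\s*[A-Z_]*(KEY|SECRET|PASSWORD|TOKEN)[A-Z_]*\s*=\s*["\'][^"\']+["\']'),
     "Hardcoded secret", "A02 Cryptographic Failures", "High",
     "Credential literal committed in source", "Load from environment or a secrets manager"),
    (re.compile(r'\.execute\(\s*["\'][^"\']*["\']\s*\+'),
     "SQL string concatenation", "A03 Injection", "Critical",
     "Untrusted value concatenated into SQL", "Use a parameterised query: execute(sql, (param,))"),
]

def scan(source: str, filename: str = "snippet.py") -> list[Finding]:
    """Static, line-by-line scan; no execution. Every finding carries File:line evidence."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for rx, vuln, cat, sev, desc, fix in RULES:
            if rx.search(line):
                findings.append(Finding(vuln, cat, sev, f"{filename}:{lineno}", desc, fix))
    return findings

def render(findings: list[Finding]) -> str:
    """Emit the skill's Markdown table, or the exact no-findings sentence it prescribes."""
    if not findings:
        return "No immediate risks found"
    rows = ["| Vuln | OWASP | Sev | Loc | Desc | Fix |", "|---|---|---|---|---|---|"]
    rows += [f"| {f.vuln} | {f.owasp} | {f.severity} | {f.location} | {f.desc} | {f.fix} |"
             for f in findings]
    return "\n".join(rows)

if __name__ == "__main__":
    print(render(scan(SAMPLE)))
```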