owasp-security-review | owasp-security-review | ClaudePluginHub

Skill

Community

owasp-security-review

Description

Security review and implementation support based on OWASP Cheat Sheet Series. Use for code review requests, security-related implementation/research, and vulnerability checks. Covers security topics such as XSS, SQL Injection, CSRF, and authentication/authorization.

AI Summary

Performs security reviews using OWASP Cheat Sheets to identify vulnerabilities like XSS, SQL injection, and authentication flaws. Triggers on code review requests, security implementation tasks, and vulnerability checks.

Install

Add the repository(one-time)

/plugin marketplace add ayuzaka/my-develop-plugin

Install the plugin

/plugin install owasp-security-review@agent-plugins-marketplace

Tool Access

This skill is limited to using the following tools:

shell_command

Supporting Assets

View in Repository

references/top10-mapping.md

scripts/setup_cheatsheets.sh

Skill Content

OWASP Security Review

Perform code security reviews based on the OWASP Cheat Sheet Series, identifying vulnerabilities and providing remediation recommendations.

Setup

If the Cheat Sheet repository has not been cloned:

bash scripts/setup_cheatsheets.sh

By default, it clones to ~/.local/share/owasp-cheatsheets.

Review Workflow

1. Identify Security Concerns

Identify relevant security categories from the code:

Code Pattern	OWASP Top 10 Category
User input handling	A03: Injection
SQL queries	A03: Injection
HTML output	A03: Injection (XSS)
Authentication logic	A07: Authentication Failures
Session handling	A07: Authentication Failures
Access control checks	A01: Broken Access Control
Cryptography, passwords	A02: Cryptographic Failures
File uploads	A05: Security Misconfiguration
External API calls	A10: SSRF
Deserialization	A08: Data Integrity Failures
Dependencies	A06: Vulnerable Components
Logging	A09: Logging Failures

2. Load Relevant Cheat Sheets

Refer to top10-mapping.md to identify the applicable Cheat Sheets.

Load a Cheat Sheet:

cat ~/.local/share/owasp-cheatsheets/cheatsheets/<CheatSheet_Name>.md

3. Review and Report

Output Format for Code Review

## Security Review Summary

### Findings

#### [Severity: Critical/High/Medium/Low] Finding Title
- **Location**: file:line
- **Issue**: Description of the problem
- **OWASP Category**: A0X: Category Name
- **Reference**: Cheat Sheet name
- **Recommendation**: Remediation with code examples

Output Format for Implementation/Research

Present implementation guidance or research findings based on Cheat Sheet content. Always cite the source Cheat Sheet.

Quick Reference

Common Vulnerabilities Checklist

Links

GitHub Stats

0 forks

Updated 9 days ago

Similar Skills

auth-implementation-patterns

Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.

developer-essentials

24.7k

bazel-build-optimization

Optimize Bazel builds for large-scale monorepos. Use when configuring Bazel, implementing remote execution, or optimizing build performance for enterprise codebases.

developer-essentials

24.7k

code-review-excellence

Master effective code review practices to provide constructive feedback, catch bugs early, and foster knowledge sharing while maintaining team morale. Use when reviewing pull requests, establishing review standards, or mentoring developers.

developer-essentials

24.7k