owasp-security-review | owasp-security-review | ClaudePluginHub

Skill

Community

owasp-security-review

Description

Security review and implementation support based on OWASP Cheat Sheet Series. Use for code review requests, security-related implementation/research, and vulnerability checks. Covers security topics such as XSS, SQL Injection, CSRF, and authentication/authorization.

AI Summary

Performs security reviews using OWASP Cheat Sheets to identify vulnerabilities like XSS, SQL injection, and authentication flaws. Triggers on code review requests, security implementation tasks, and vulnerability checks.

Install

Add the repository(one-time)

/plugin marketplace add ayuzaka/agent-plugins

Install the plugin

/plugin install owasp-security-review@agent-plugins-marketplace

Tool Access

This skill is limited to using the following tools:

shell_command

Supporting Assets

View in Repository

references/top10-mapping.md

scripts/setup_cheatsheets.sh

Skill Content

OWASP Security Review

Perform code security reviews based on the OWASP Cheat Sheet Series, identifying vulnerabilities and providing remediation recommendations.

Setup

If the Cheat Sheet repository has not been cloned:

bash scripts/setup_cheatsheets.sh

By default, it clones to ~/.local/share/owasp-cheatsheets.

Review Workflow

1. Identify Security Concerns

Identify relevant security categories from the code:

Code Pattern	OWASP Top 10 Category
User input handling	A03: Injection
SQL queries	A03: Injection
HTML output	A03: Injection (XSS)
Authentication logic	A07: Authentication Failures
Session handling	A07: Authentication Failures
Access control checks	A01: Broken Access Control
Cryptography, passwords	A02: Cryptographic Failures
File uploads	A05: Security Misconfiguration
External API calls	A10: SSRF
Deserialization	A08: Data Integrity Failures
Dependencies	A06: Vulnerable Components
Logging	A09: Logging Failures

2. Load Relevant Cheat Sheets

Refer to top10-mapping.md to identify the applicable Cheat Sheets.

Load a Cheat Sheet:

cat ~/.local/share/owasp-cheatsheets/cheatsheets/<CheatSheet_Name>.md

3. Review and Report

Output Format for Code Review

## Security Review Summary

### Findings

#### [Severity: Critical/High/Medium/Low] Finding Title
- **Location**: file:line
- **Issue**: Description of the problem
- **OWASP Category**: A0X: Category Name
- **Reference**: Cheat Sheet name
- **Recommendation**: Remediation with code examples

Output Format for Implementation/Research

Present implementation guidance or research findings based on Cheat Sheet content. Always cite the source Cheat Sheet.

Quick Reference

Common Vulnerabilities Checklist

Links

GitHub Stats

0 forks

Updated 9 days ago

Similar Skills

gitops-workflow

2 files

Implement GitOps workflows with ArgoCD and Flux for automated, declarative Kubernetes deployments with continuous reconciliation. Use when implementing GitOps practices, automating Kubernetes deployments, or setting up declarative infrastructure management.

kubernetes-operations

24.8k

helm-chart-scaffolding

4 files

Design, organize, and manage Helm charts for templating and packaging Kubernetes applications with reusable configurations. Use when creating Helm charts, packaging Kubernetes applications, or implementing templated deployments.

kubernetes-operations

24.8k

k8s-manifest-generator

5 files

Create production-ready Kubernetes manifests for Deployments, Services, ConfigMaps, and Secrets following best practices and security standards. Use when generating Kubernetes YAML manifests, creating K8s resources, or implementing production-grade Kubernetes configurations.

kubernetes-operations

24.8k