[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension-skill-agamm-owasp-security-en":3,"guides-for-agamm-owasp-security":293,"similar-k17edjmfhw7c1xc50fyzkj0pm186mbak-en":294},{"_creationTime":4,"_id":5,"children":6,"community":7,"display":9,"evaluation":15,"identity":245,"isFallback":230,"parentExtension":250,"providers":251,"relations":256,"repo":258,"tags":289,"workflow":290},1778669971188.0525,"k17edjmfhw7c1xc50fyzkj0pm186mbak",[],{"reviewCount":8},0,{"description":10,"installMethods":11,"name":13,"sourceUrl":14},"Use when reviewing code for security vulnerabilities, implementing authentication/authorization, handling user input, or discussing web application security. Covers OWASP Top 10:2025, ASVS 5.0, LLM Top 10 (2025), and Agentic AI security (2026).",{"claudeCode":12},"agamm/claude-code-owasp","owasp-security","https://github.com/agamm/claude-code-owasp",{"_creationTime":16,"_id":17,"extensionId":5,"locale":18,"result":19,"trustSignals":228,"workflow":243},1778669990724.7651,"kn74dgka1z3as559jgfv0rnrg186nmpq","en",{"checks":20,"evaluatedAt":195,"extensionSummary":196,"features":197,"nonGoals":203,"promptVersionExtension":207,"promptVersionScoring":208,"purpose":209,"rationale":210,"score":211,"summary":212,"tags":213,"targetMarket":220,"tier":221,"useCases":222},[21,26,29,32,36,39,44,48,51,54,58,62,65,69,72,75,78,81,84,87,91,95,99,103,107,110,113,116,120,123,126,129,132,135,138,142,146,150,153,157,160,163,166,169,173,176,179,182,185,188,192],{"category":22,"check":23,"severity":24,"summary":25},"Practical Utility","Problem relevance","pass","The description clearly states the extension addresses web application security, AI agent security, and LLM application security, naming specific standards and use cases.",{"category":22,"check":27,"severity":24,"summary":28},"Unique selling proposition","The skill aggregates the latest OWASP standards for web, LLM, and agentic AI security, providing a comprehensive and actionable reference that goes beyond a simple prompt.",{"category":22,"check":30,"severity":24,"summary":31},"Production readiness","The skill provides comprehensive documentation and code examples for security best practices across multiple domains, making it ready for use in development workflows.",{"category":33,"check":34,"severity":24,"summary":35},"Scope","Single responsibility principle","The extension focuses on security best practices across web, LLM, and agentic AI, which are coherently related domains under the umbrella of application security.",{"category":33,"check":37,"severity":24,"summary":38},"Description quality","The displayed description accurately reflects the content of the SKILL.md, covering OWASP standards for web, LLM, and agentic AI security.",{"category":40,"check":41,"severity":42,"summary":43},"Invocation","Scoped tools","not_applicable","This is a skill, not a tool-based extension; the concept of scoped tools does not apply.",{"category":45,"check":46,"severity":42,"summary":47},"Documentation","Configuration & parameter reference","This skill does not expose explicit configuration parameters or options to the user; its functionality is driven by the LLM's understanding of the prompt and the bundled documentation.",{"category":33,"check":49,"severity":42,"summary":50},"Tool naming","This is a skill, not a tool-based extension; tool naming conventions do not apply.",{"category":33,"check":52,"severity":42,"summary":53},"Minimal I/O surface","This is a skill, not a tool-based extension; I/O surface analysis does not apply.",{"category":55,"check":56,"severity":24,"summary":57},"License","License usability","The extension is licensed under the MIT license, clearly stated in the LICENSE file and referenced in the README.",{"category":59,"check":60,"severity":24,"summary":61},"Maintenance","Commit recency","The last commit was on April 28, 2026, which is within the last 3 months.",{"category":59,"check":63,"severity":42,"summary":64},"Dependency Management","The extension does not appear to have any third-party dependencies that require external management or updates.",{"category":66,"check":67,"severity":42,"summary":68},"Security","Secret Management","The skill is documentation-based and does not handle or expose secrets.",{"category":66,"check":70,"severity":24,"summary":71},"Injection","The skill primarily provides documentation and examples; it does not execute external code or load untrusted data in a way that would be vulnerable to injection.",{"category":66,"check":73,"severity":24,"summary":74},"Transitive Supply-Chain Grenades","The skill is self-contained and does not fetch external content at runtime.",{"category":66,"check":76,"severity":42,"summary":77},"Sandbox Isolation","This skill is documentation-based and does not interact with the file system or perform operations outside of its own bundle.",{"category":66,"check":79,"severity":42,"summary":80},"Sandbox escape primitives","The skill is documentation-based and does not execute code or have hooks that could attempt sandbox escapes.",{"category":66,"check":82,"severity":42,"summary":83},"Data Exfiltration","The skill is documentation-based and does not perform outbound network calls or handle confidential data.",{"category":66,"check":85,"severity":24,"summary":86},"Hidden Text Tricks","The bundled content, including the SKILL.md and README.md, appears free of hidden-steering tricks and uses clean printable ASCII.",{"category":88,"check":89,"severity":42,"summary":90},"Hooks","Opaque code execution","The skill does not contain any scripts or hooks that involve opaque code execution.",{"category":92,"check":93,"severity":42,"summary":94},"Portability","Structural Assumption","The skill is documentation-based and does not make assumptions about the user's project structure.",{"category":96,"check":97,"severity":24,"summary":98},"Trust","Issues Attention","There is 0 issues opened and 1 closed in the last 90 days, indicating good responsiveness.",{"category":100,"check":101,"severity":24,"summary":102},"Versioning","Release Management","The repository includes a `LICENSE` file and the code is installed from a specific URL, implying a stable release mechanism. The latest commit date also suggests recent activity.",{"category":104,"check":105,"severity":42,"summary":106},"Code Execution","Validation","This skill is documentation-based and does not execute code or process structured input/output.",{"category":66,"check":108,"severity":42,"summary":109},"Unguarded Destructive Operations","The skill is documentation-based and does not perform any destructive operations.",{"category":104,"check":111,"severity":42,"summary":112},"Error Handling","The skill is documentation-based and does not have executable code that generates errors.",{"category":104,"check":114,"severity":42,"summary":115},"Logging","The skill is documentation-based and does not perform actions that require logging.",{"category":117,"check":118,"severity":42,"summary":119},"Compliance","GDPR","The skill is documentation-based and does not operate on personal data.",{"category":117,"check":121,"severity":24,"summary":122},"Target market","The extension provides general security best practices applicable globally and does not contain any regional or jurisdictional logic.",{"category":92,"check":124,"severity":42,"summary":125},"Runtime stability","The skill is documentation-based and has no runtime requirements or assumptions about specific environments.",{"category":45,"check":127,"severity":24,"summary":128},"README","The README file exists and clearly states the extension's purpose, including installation instructions and covered standards.",{"category":33,"check":130,"severity":42,"summary":131},"Tool surface size","This is a skill, not a tool-based extension; tool surface size does not apply.",{"category":40,"check":133,"severity":42,"summary":134},"Overlapping near-synonym tools","This is a skill, not a tool-based extension; overlapping tool names do not apply.",{"category":45,"check":136,"severity":24,"summary":137},"Phantom features","All features mentioned in the README and SKILL.md (OWASP standards, language quirks, etc.) are present in the bundled documentation.",{"category":139,"check":140,"severity":24,"summary":141},"Install","Installation instruction","The README provides clear, copy-pasteable installation instructions for both project-local and global installs using curl.",{"category":143,"check":144,"severity":42,"summary":145},"Errors","Actionable error messages","The skill is documentation-based and does not have error paths visible to the user.",{"category":147,"check":148,"severity":42,"summary":149},"Execution","Pinned dependencies","The skill does not use any third-party dependencies or scripts that require pinning.",{"category":33,"check":151,"severity":42,"summary":152},"Dry-run preview","The skill is documentation-based and does not perform state-changing operations.",{"category":154,"check":155,"severity":42,"summary":156},"Protocol","Idempotent retry & timeouts","The skill is documentation-based and has no remote calls or state-changing operations.",{"category":117,"check":158,"severity":42,"summary":159},"Telemetry opt-in","The skill is documentation-based and does not emit any telemetry.",{"category":40,"check":161,"severity":24,"summary":162},"Precise Purpose","The `description` in `SKILL.md` clearly states the purpose (security best practices) and use cases (reviewing code, implementing auth, handling input, etc.) for web, LLM, and agentic AI security.",{"category":40,"check":164,"severity":24,"summary":165},"Concise Frontmatter","The frontmatter in `SKILL.md` is concise and effectively summarizes the skill's purpose and scope.",{"category":45,"check":167,"severity":24,"summary":168},"Concise Body","The `SKILL.md` is well-structured and avoids excessive length, deferring deep dives into language specifics to clear sections rather than embedding large code blocks.",{"category":170,"check":171,"severity":24,"summary":172},"Context","Progressive Disclosure","The `SKILL.md` outlines various OWASP standards and then provides detailed language-specific quirks, offering a good level of progressive disclosure.",{"category":170,"check":174,"severity":42,"summary":175},"Forked exploration","This skill is primarily a reference and does not involve deep exploration or code review that would necessitate 'context: fork'.",{"category":22,"check":177,"severity":24,"summary":178},"Usage examples","The `SKILL.md` includes multiple code examples demonstrating secure coding patterns for various scenarios like SQL injection, password storage, and error handling.",{"category":22,"check":180,"severity":24,"summary":181},"Edge cases","The skill addresses edge cases by providing language-specific security quirks and deep analysis guidance, encouraging a security-researcher mindset.",{"category":104,"check":183,"severity":42,"summary":184},"Tool Fallback","This skill is documentation-based and does not rely on external tools or MCP servers.",{"category":92,"check":186,"severity":24,"summary":187},"Stack assumptions","The `SKILL.md` details language-specific security considerations, implicitly declaring stack assumptions and preconditions for developers working with those languages.",{"category":189,"check":190,"severity":42,"summary":191},"Safety","Halt on unexpected state","The skill is documentation-based and does not perform actions that have pre-state conditions to check.",{"category":92,"check":193,"severity":24,"summary":194},"Cross-skill coupling","The skill is self-contained, providing security best practices directly. It does not appear to implicitly rely on other specific skills.",1778669990620,"This skill provides extensive documentation on OWASP security standards, including Top 10 for web applications, LLM applications, and Agentic AI, along with ASVS requirements and language-specific security quirks. It includes code examples and guidance for secure coding practices.",[198,199,200,201,202],"OWASP Top 10:2025 coverage","OWASP LLM Top 10 (2025) and Agentic AI Security (2026) guidance","ASVS 5.0 requirements","Language-specific security pitfalls and analysis mindset","Secure code examples and review checklists",[204,205,206],"Performing automated security scans","Providing real-time vulnerability detection","Acting as a static analysis tool","3.0.0","4.4.0","To provide developers with up-to-date OWASP security best practices for building secure web applications, integrating LLMs, and developing AI agent systems.","The extension is a high-quality, comprehensive documentation skill covering critical security standards with clear explanations and examples. All applicable checks passed with high severity.",95,"Excellent, comprehensive security best practices skill covering web, LLM, and AI agent applications.",[214,215,216,217,218,219],"security","owasp","web-security","llm-security","ai-security","coding-standards","global","verified",[223,224,225,226,227],"Reviewing code for security vulnerabilities","Implementing authentication and authorization","Handling user input and external data securely","Building secure LLM applications and AI agents","Understanding language-specific security risks",{"codeQuality":229,"collectedAt":231,"documentation":232,"maintenance":235,"security":240,"testCoverage":242},{"hasLockfile":230},false,1778669972612,{"descriptionLength":233,"readmeSize":234},244,3629,{"closedIssues90d":236,"forks":237,"hasChangelog":230,"openIssues90d":8,"pushedAt":238,"stars":239},1,20,1777351561000,185,{"hasNpmPackage":230,"license":241,"smitheryVerified":230},"MIT",{"hasCi":230,"hasTests":230},{"updatedAt":244},1778669990724,{"basePath":246,"githubOwner":247,"githubRepo":248,"locale":18,"slug":13,"type":249},".claude/skills/owasp-security","agamm","claude-code-owasp","skill",null,{"evaluate":252,"extract":254},{"promptVersionExtension":207,"promptVersionScoring":208,"score":211,"tags":253,"targetMarket":220,"tier":221},[214,215,216,217,218,219],{"commitSha":255},"HEAD",{"repoId":257},"kd74m2bazrrzjvvry9rtwmyqe986m74g",{"_creationTime":259,"_id":257,"identity":260,"providers":261,"workflow":285},1778669967160.6086,{"githubOwner":247,"githubRepo":248,"sourceUrl":14},{"classify":262,"discover":272,"github":275},{"commitSha":255,"extensions":263},[264],{"basePath":246,"description":10,"displayName":13,"installMethods":265,"rationale":266,"selectedPaths":267,"source":271,"sourceLanguage":18,"type":249},{"claudeCode":12},"SKILL.md frontmatter at .claude/skills/owasp-security/SKILL.md",[268],{"path":269,"priority":270},"SKILL.md","mandatory","rule",{"sources":273},[274],"manual",{"closedIssues90d":236,"description":276,"forks":237,"license":241,"openIssues90d":8,"pushedAt":238,"readmeSize":234,"stars":239,"topics":277},"Claude Code skill for OWASP security best practices (2025-2026). Includes Top 10:2025, ASVS 5.0, Agentic AI security, and 20+ language-specific security quirks.",[218,278,279,280,281,282,215,283,214,284],"appsec","asvs","claude","claude-code","claude-skills","secure-coding","vulnerability",{"classifiedAt":286,"discoverAt":287,"extractAt":288,"githubAt":288,"updatedAt":286},1778669970799,1778669967160,1778669968947,[218,219,217,215,214,216],{"evaluatedAt":244,"extractAt":291,"updatedAt":292},1778669971188,1778670006765,[],[295,324,353,383,411,441],{"_creationTime":296,"_id":297,"community":298,"display":299,"identity":305,"providers":308,"relations":317,"tags":320,"workflow":321},1778675056600.2454,"k171v117em7kjw0p5bxy9pn9ss86m1d9",{"reviewCount":8},{"description":300,"installMethods":301,"name":303,"sourceUrl":304},"Use when assessing AI/ML systems for prompt injection, jailbreak vulnerabilities, model inversion risk, data poisoning exposure, or agent tool abuse. Covers MITRE ATLAS technique mapping, injection signature detection, and adversarial robustness scoring.",{"claudeCode":302},"alirezarezvani/claude-skills","AI Security","https://github.com/alirezarezvani/claude-skills",{"basePath":306,"githubOwner":307,"githubRepo":282,"locale":18,"slug":218,"type":249},"engineering-team/skills/ai-security","alirezarezvani",{"evaluate":309,"extract":316},{"promptVersionExtension":207,"promptVersionScoring":208,"score":310,"tags":311,"targetMarket":220,"tier":221},97,[218,217,312,313,314,315],"prompt-injection","vulnerability-assessment","mitre-atlas","threat-detection",{"commitSha":255,"license":241},{"parentExtensionId":318,"repoId":319},"k179s2ynpr6g927zdzf23zrhad86net8","kd7ff9s1w43mfyy1n7hf87816186m6px",[218,217,314,312,315,313],{"evaluatedAt":322,"extractAt":323,"updatedAt":322},1778682974511,1778675056600,{"_creationTime":325,"_id":326,"community":327,"display":328,"identity":334,"providers":338,"relations":346,"tags":349,"workflow":350},1778699018122.7927,"k172qs5m5jvyrgpd8psfrfmz2s86m9vb",{"reviewCount":8},{"description":329,"installMethods":330,"name":332,"sourceUrl":333},"Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.",{"claudeCode":331},"wshobson/agents","secrets-management","https://github.com/wshobson/agents",{"basePath":335,"githubOwner":336,"githubRepo":337,"locale":18,"slug":332,"type":249},"plugins/cicd-automation/skills/secrets-management","wshobson","agents",{"evaluate":339,"extract":345},{"promptVersionExtension":207,"promptVersionScoring":208,"score":340,"tags":341,"targetMarket":220,"tier":221},100,[332,342,343,344,214],"ci-cd","vault","aws-secrets-manager",{"commitSha":255},{"parentExtensionId":347,"repoId":348},"k1748zrty6tytzs86tpyrrbaxn86mfmj","kd74de64zj0axtg5b8t7eqqe2x86nske",[344,342,332,214,343],{"evaluatedAt":351,"extractAt":352,"updatedAt":351},1778700789419,1778699018122,{"_creationTime":354,"_id":355,"community":356,"display":357,"identity":363,"providers":368,"relations":376,"tags":379,"workflow":380},1778698175626.3276,"k17cj6pbcgtrw523a4sw8mhcxn86mzvv",{"reviewCount":8},{"description":358,"installMethods":359,"name":361,"sourceUrl":362},"Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.",{"claudeCode":360},"trailofbits/skills","Semgrep Rule Creator","https://github.com/trailofbits/skills",{"basePath":364,"githubOwner":365,"githubRepo":366,"locale":18,"slug":367,"type":249},"plugins/semgrep-rule-creator/skills/semgrep-rule-creator","trailofbits","skills","semgrep-rule-creator",{"evaluate":369,"extract":375},{"promptVersionExtension":207,"promptVersionScoring":208,"score":340,"tags":370,"targetMarket":220,"tier":221},[371,214,372,373,374],"semgrep","static-analysis","code-quality","developer-tools",{"commitSha":255},{"parentExtensionId":377,"repoId":378},"k1757483sd0rdv04r5773w2tb986mb9g","kd7d5sbrd9m157hjv9c7v4wfyn86mk2f",[373,374,214,371,372],{"evaluatedAt":381,"extractAt":382,"updatedAt":381},1778699451460,1778698175626,{"_creationTime":384,"_id":385,"community":386,"display":387,"identity":393,"providers":397,"relations":404,"tags":407,"workflow":408},1778696595410.5671,"k17anj41t8hgk7k78wc98gw6a186n8ks",{"reviewCount":8},{"description":388,"installMethods":389,"name":391,"sourceUrl":392},"Prevent destructive operations using Claude Code hooks. Three modes — cautious (warn on dangerous commands), lockdown (restrict edits to one directory), and clear (remove restrictions). Uses PreToolUse matchers for Bash, Edit, and Write.",{"claudeCode":390},"rohitg00/pro-workflow","safe-mode","https://github.com/rohitg00/pro-workflow",{"basePath":394,"githubOwner":395,"githubRepo":396,"locale":18,"slug":391,"type":249},"skills/safe-mode","rohitg00","pro-workflow",{"evaluate":398,"extract":403},{"promptVersionExtension":207,"promptVersionScoring":208,"score":340,"tags":399,"targetMarket":220,"tier":221},[214,400,401,373,402],"guardrails","operations","hooks",{"commitSha":255},{"parentExtensionId":405,"repoId":406},"k17fxtjcfh5gvxdrhv2dmgn1t986mdhv","kd7am4e918eq98hrd9s31jm4vs86nn0b",[373,400,402,401,214],{"evaluatedAt":409,"extractAt":410,"updatedAt":409},1778696971063,1778696595410,{"_creationTime":412,"_id":413,"community":414,"display":415,"identity":421,"providers":426,"relations":434,"tags":437,"workflow":438},1778695116697.1829,"k17dqmn88r6143c75adk6b21mn86nxy9",{"reviewCount":8},{"description":416,"installMethods":417,"name":419,"sourceUrl":420},"Meta's 86M prompt injection and jailbreak detector. Filters malicious prompts and third-party data for LLM apps. 99%+ TPR, \u003C1% FPR. Fast (\u003C2ms GPU). Multilingual (8 languages). Deploy with HuggingFace or batch processing for RAG security.",{"claudeCode":418},"Orchestra-Research/AI-Research-SKILLs","Prompt Guard","https://github.com/Orchestra-Research/AI-Research-SKILLs",{"basePath":422,"githubOwner":423,"githubRepo":424,"locale":18,"slug":425,"type":249},"07-safety-alignment/prompt-guard","Orchestra-Research","AI-Research-SKILLs","prompt-guard",{"evaluate":427,"extract":433},{"promptVersionExtension":207,"promptVersionScoring":208,"score":340,"tags":428,"targetMarket":220,"tier":221},[429,312,430,431,214,432],"safety-alignment","jailbreak-detection","input-validation","content-filtering",{"commitSha":255,"license":241},{"parentExtensionId":435,"repoId":436},"k17155ws9qc0hw7a568bg79sfd86max8","kd70hj1y80mhra5xm5g188j5n586mg18",[432,431,430,312,429,214],{"evaluatedAt":439,"extractAt":440,"updatedAt":439},1778696253838,1778695116697,{"_creationTime":442,"_id":443,"community":444,"display":445,"identity":451,"providers":455,"relations":463,"tags":465,"workflow":466},1778695753353.633,"k17fxb9fnez7bhk0sy8znxzx8n86m48r",{"reviewCount":8},{"description":446,"installMethods":447,"name":449,"sourceUrl":450},"Drift detection + baseline integrity guard for agent workspace files with automatic alerting support",{"claudeCode":448},"prompt-security/clawsec","soul-guardian","https://github.com/prompt-security/clawsec",{"basePath":452,"githubOwner":453,"githubRepo":454,"locale":18,"slug":449,"type":249},"skills/soul-guardian","prompt-security","clawsec",{"evaluate":456,"extract":462},{"promptVersionExtension":207,"promptVersionScoring":208,"score":340,"tags":457,"targetMarket":220,"tier":221},[214,458,459,460,461],"integrity","auditing","file-guard","workspace",{"commitSha":255},{"repoId":464},"kd72phsqkbk8w57ctvf7ac9nqs86n9t4",[459,460,458,214,461],{"evaluatedAt":467,"extractAt":468,"updatedAt":467},1778696065248,1778695753353]