Owasp Security
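Skill | Verified | Active
Use when reviewing code for security vulnerabilities, implementing authentication/authorization, handling user input, or discussing web application security. Covers OWASP Top 10:2025, ASVS 5.0, LLM Top 10 (2025), and Agentic AI Security (2026).
Provides developers with up-to-date OWASP security best practices for building secure web applications, integrating LLMs, and developing AI agent systems.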
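Features
- Covers OWASP Top 10:2025
- OWASP LLM Top 10 (2025) and Agentic AI Security (2026) guidance
- ASVS 5.0 requirements
- Language-specific security pitfalls and analysis approaches
- Secure code examples and review checklists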
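Use cases
- Reviewing code for security vulnerabilities
- Implementing authentication and authorization
- Safely handling user input and external data
- Building secure LLM applications and AI agents
- Understanding language-specific security risks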
Non-goals
- Performing automated security scans
- Providing real-time vulnerability detection
- Acting as a static analysis tool
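Installation
npx skills add agamm/claude-code-owasp
Runs the Vercel skills CLI (skills.sh) via npx; requires Node.js installed locally and at least one skills-compatible agent (Claude Code, Cursor, Codex, etc.). This assumes the repository follows the agentskills.io format.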
Quality score
Verified
Similar extensions
AI Security
97
Use when assessing AI/ML systems for prompt injection, jailbreak vulnerabilities, model inversion risk, data poisoning exposure, or agent tool abuse. Covers MITRE ATLAS technique mapping, injection signature detection, and adversarial robustness scoring.
Secrets Management
100
Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.
Semgrep Rule Creator
100
Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.
Safe Mode
100
Prevent destructive operations using Claude Code hooks. Three modes: cautious (warn on dangerous commands), lockdown (restrict edits to one directory), and clear (remove restrictions). Uses PreToolUse matchers for Bash, Edit, and Write.
Prompt Guard
100
Meta's 86M prompt injection and jailbreak detector. Filters malicious prompts and third-party data for LLM apps. 99%+ TPR, <1% FPR. Fast (<2ms GPU). Multilingual (8 languages). Deploy with HuggingFace or batch processing for RAG security.
Soul Guardian
100
Drift detection + baseline integrity guard for agent workspace files with automatic alerting support