[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension-skill-agamm-owasp-security-zh-CN":3,"guides-for-agamm-owasp-security":296,"similar-k170tsety55jv7d9fpp6sder8x86m11m-zh-CN":297},{"_creationTime":4,"_id":5,"children":6,"community":7,"display":9,"evaluation":15,"identity":244,"isFallback":229,"parentExtension":249,"providers":250,"relations":256,"repo":259,"tags":292,"workflow":293},1778670004699.9666,"k170tsety55jv7d9fpp6sder8x86m11m",[],{"reviewCount":8},0,{"description":10,"installMethods":11,"name":13,"sourceUrl":14},"当审查代码以查找安全漏洞、实施身份验证/授权、处理用户输入或讨论 Web 应用程序安全性时使用。涵盖 OWASP Top 10:2025、ASVS 5.0、LLM Top 10 (2025) 和 Agentic AI 安全 (2026)。",{"claudeCode":12},"agamm/claude-code-owasp","owasp-security","https://github.com/agamm/claude-code-owasp",{"_creationTime":16,"_id":17,"extensionId":5,"locale":18,"result":19,"trustSignals":227,"workflow":242},1778670004699.9668,"kn72m7cxtaqe08w6mc30k63jyh86mgp5","zh-CN",{"checks":20,"evaluatedAt":195,"extensionSummary":196,"features":197,"nonGoals":203,"promptVersionExtension":207,"promptVersionScoring":208,"purpose":209,"rationale":210,"score":211,"summary":212,"tags":213,"tier":220,"useCases":221},[21,26,29,32,36,39,44,48,51,54,58,62,65,69,72,75,78,81,84,87,91,95,99,103,107,110,113,116,120,123,126,129,132,135,138,142,146,150,153,157,160,163,166,169,173,176,179,182,185,188,192],{"category":22,"check":23,"severity":24,"summary":25},"Practical Utility","Problem relevance","pass","描述清楚地说明了该扩展解决了 Web 应用程序安全、AI 代理安全和 LLM 应用程序安全问题，并命名了特定的标准和用例。",{"category":22,"check":27,"severity":24,"summary":28},"Unique selling proposition","该技能聚合了最新的 OWASP Web、LLM 和代理 AI 安全标准，提供了一个全面的、可操作的参考，超越了简单的提示。",{"category":22,"check":30,"severity":24,"summary":31},"Production readiness","该技能为多个领域提供了全面的文档和代码示例，用于安全最佳实践，使其能够用于开发工作流程。",{"category":33,"check":34,"severity":24,"summary":35},"Scope","Single responsibility principle","该扩展专注于 Web、LLM 和代理 AI 的安全最佳实践，这些是应用程序安全领域内连贯相关的领域。",{"category":33,"check":37,"severity":24,"summary":38},"Description quality","显示的描述准确地反映了 SKILL.md 的内容，涵盖了 Web、LLM 和代理 AI 安全的 OWASP 标准。",{"category":40,"check":41,"severity":42,"summary":43},"Invocation","Scoped tools","not_applicable","这是一个技能，而不是基于工具的扩展；作用域工具的概念不适用。",{"category":45,"check":46,"severity":42,"summary":47},"Documentation","Configuration & parameter reference","该技能不向用户公开明确的配置参数或选项；其功能由 LLM 对提示的理解和捆绑的文档驱动。",{"category":33,"check":49,"severity":42,"summary":50},"Tool naming","这是一个技能，而不是基于工具的扩展；工具命名约定不适用。",{"category":33,"check":52,"severity":42,"summary":53},"Minimal I/O surface","这是一个技能，而不是基于工具的扩展；I/O 表面分析不适用。",{"category":55,"check":56,"severity":24,"summary":57},"License","License usability","该扩展根据 MIT 许可证获得许可，在 LICENSE 文件中明确说明，并在 README 中引用。",{"category":59,"check":60,"severity":24,"summary":61},"Maintenance","Commit recency","最后一次提交是在 2026 年 4 月 28 日，这在过去 3 个月内。",{"category":59,"check":63,"severity":42,"summary":64},"Dependency Management","该扩展似乎没有任何第三方依赖项需要外部管理或更新。",{"category":66,"check":67,"severity":42,"summary":68},"Security","Secret Management","该技能基于文档，不处理或公开敏感信息。",{"category":66,"check":70,"severity":24,"summary":71},"Injection","该技能主要提供文档和示例；它不执行外部代码或加载易受注入攻击的不可信数据。",{"category":66,"check":73,"severity":24,"summary":74},"Transitive Supply-Chain Grenades","该技能是独立的，并且在运行时不获取外部内容。",{"category":66,"check":76,"severity":42,"summary":77},"Sandbox Isolation","此技能基于文档，不与文件系统交互或执行其自身包之外的操作。",{"category":66,"check":79,"severity":42,"summary":80},"Sandbox escape primitives","该技能基于文档，不执行代码或具有可能尝试逃离沙盒的钩子。",{"category":66,"check":82,"severity":42,"summary":83},"Data Exfiltration","该技能基于文档，不执行出站网络调用或处理机密数据。",{"category":66,"check":85,"severity":24,"summary":86},"Hidden Text Tricks","捆绑的内容，包括 SKILL.md 和 README.md，似乎没有隐藏的操纵技巧，并使用了干净的可打印 ASCII。",{"category":88,"check":89,"severity":42,"summary":90},"Hooks","Opaque code execution","该技能不包含任何涉及不透明代码执行的脚本或钩子。",{"category":92,"check":93,"severity":42,"summary":94},"Portability","Structural Assumption","该技能基于文档，并且不对用户的项目结构做出假设。",{"category":96,"check":97,"severity":24,"summary":98},"Trust","Issues Attention","过去 90 天内打开了 0 个问题，关闭了 1 个问题，这表明响应良好。",{"category":100,"check":101,"severity":24,"summary":102},"Versioning","Release Management","该存储库包含一个 `LICENSE` 文件，并且代码是从特定 URL 安装的，这暗示了一个稳定的发布机制。最后的提交日期也表明了最近的活动。",{"category":104,"check":105,"severity":42,"summary":106},"Code Execution","Validation","此技能基于文档，不执行代码或处理结构化输入/输出。",{"category":66,"check":108,"severity":42,"summary":109},"Unguarded Destructive Operations","此技能基于文档，不执行任何破坏性操作。",{"category":104,"check":111,"severity":42,"summary":112},"Error Handling","此技能基于文档，没有可以生成错误的执行代码。",{"category":104,"check":114,"severity":42,"summary":115},"Logging","此技能基于文档，不执行需要日志记录的操作。",{"category":117,"check":118,"severity":42,"summary":119},"Compliance","GDPR","此技能基于文档，不处理个人数据。",{"category":117,"check":121,"severity":24,"summary":122},"Target market","该扩展提供了全球适用的通用安全最佳实践，并且不包含任何区域或管辖权逻辑。",{"category":92,"check":124,"severity":42,"summary":125},"Runtime stability","此技能基于文档，没有运行时要求或对特定环境的假设。",{"category":45,"check":127,"severity":24,"summary":128},"README","README 文件存在，并清楚地说明了扩展的目的，包括安装说明和涵盖的标准。",{"category":33,"check":130,"severity":42,"summary":131},"Tool surface size","这是一个技能，而不是基于工具的扩展；工具表面大小不适用。",{"category":40,"check":133,"severity":42,"summary":134},"Overlapping near-synonym tools","这是一个技能，而不是基于工具的扩展；重叠的工具名称不适用。",{"category":45,"check":136,"severity":24,"summary":137},"Phantom features","README 和 SKILL.md 中提到的所有功能（OWASP 标准、特定语言怪癖等）都包含在捆绑的文档中。",{"category":139,"check":140,"severity":24,"summary":141},"Install","Installation instruction","README 提供了清晰的、可直接复制的安装说明，用于使用 curl 进行项目本地和全局安装。",{"category":143,"check":144,"severity":42,"summary":145},"Errors","Actionable error messages","此技能基于文档，没有用户可见的错误路径。",{"category":147,"check":148,"severity":42,"summary":149},"Execution","Pinned dependencies","该技能不使用任何需要固定的第三方依赖项或脚本。",{"category":33,"check":151,"severity":42,"summary":152},"Dry-run preview","此技能基于文档，不执行状态更改操作。",{"category":154,"check":155,"severity":42,"summary":156},"Protocol","Idempotent retry & timeouts","此技能基于文档，没有远程调用或状态更改操作。",{"category":117,"check":158,"severity":42,"summary":159},"Telemetry opt-in","此技能基于文档，不发出任何遥测数据。",{"category":40,"check":161,"severity":24,"summary":162},"Precise Purpose","SKILL.md 中的 `description` 清楚地说明了 Web、LLM 和代理 AI 安全的目的（安全最佳实践）和用例（审查代码、实施身份验证、处理输入等）。",{"category":40,"check":164,"severity":24,"summary":165},"Concise Frontmatter","SKILL.md 中的 frontmatter 简洁明了，有效总结了技能的目的和范围。",{"category":45,"check":167,"severity":24,"summary":168},"Concise Body","SKILL.md 结构良好，长度适中，将语言细节的深入研究推迟到清晰的章节，而不是嵌入大型代码块。",{"category":170,"check":171,"severity":24,"summary":172},"Context","Progressive Disclosure","SKILL.md 概述了各种 OWASP 标准，然后提供了详细的特定语言怪癖，提供了良好的渐进式披露级别。",{"category":170,"check":174,"severity":42,"summary":175},"Forked exploration","该技能主要是一个参考，不涉及需要“context: fork”的深入探索或代码审查。",{"category":22,"check":177,"severity":24,"summary":178},"Usage examples","SKILL.md 包含多个代码示例，演示了 SQL 注入、密码存储和错误处理等各种场景的安全编码模式。",{"category":22,"check":180,"severity":24,"summary":181},"Edge cases","该技能通过提供特定语言的安全怪癖和深入分析指导来解决边缘情况，鼓励安全研究人员的心态。",{"category":104,"check":183,"severity":42,"summary":184},"Tool Fallback","此技能基于文档，不依赖外部工具或 MCP 服务器。",{"category":92,"check":186,"severity":24,"summary":187},"Stack assumptions","SKILL.md 详细介绍了特定语言的安全注意事项，隐含地声明了使用这些语言的开发人员的堆栈假设和先决条件。",{"category":189,"check":190,"severity":42,"summary":191},"Safety","Halt on unexpected state","此技能基于文档，不执行需要检查先决条件的操作。",{"category":92,"check":193,"severity":24,"summary":194},"Cross-skill coupling","该技能是独立的，直接提供安全最佳实践。它似乎不隐式依赖于其他特定技能。",1778669990620,"该技能提供了关于 OWASP 安全标准的广泛文档，包括 Web 应用程序、LLM 应用程序和代理 AI 的 Top 10，以及 ASVS 要求和特定语言的安全怪癖。它包括安全编码实践的代码示例和指导。",[198,199,200,201,202],"涵盖 OWASP Top 10:2025","OWASP LLM Top 10 (2025) 和 Agentic AI Security (2026) 指导","ASVS 5.0 要求","特定语言的安全陷阱和分析思路","安全代码示例和审查清单",[204,205,206],"执行自动安全扫描","提供实时漏洞检测","充当静态分析工具","3.0.0","4.4.0","为开发人员提供最新的 OWASP 安全最佳实践，以构建安全的 Web 应用程序、集成 LLM 和开发 AI 代理系统。","该扩展是一个高质量、全面的文档技能，涵盖了具有清晰解释和示例的关键安全标准。所有适用的检查都已通过高严重性评分。",95,"优秀、全面的安全最佳实践技能，涵盖 Web、LLM 和 AI 代理应用程序。",[214,215,216,217,218,219],"security","owasp","web-security","llm-security","ai-security","coding-standards","verified",[222,223,224,225,226],"审查代码以查找安全漏洞","实施身份验证和授权","安全地处理用户输入和外部数据","构建安全的 LLM 应用程序和 AI 代理","理解特定语言的安全风险",{"codeQuality":228,"collectedAt":230,"documentation":231,"maintenance":234,"security":239,"testCoverage":241},{"hasLockfile":229},false,1778669972612,{"descriptionLength":232,"readmeSize":233},244,3629,{"closedIssues90d":235,"forks":236,"hasChangelog":229,"openIssues90d":8,"pushedAt":237,"stars":238},1,20,1777351561000,185,{"hasNpmPackage":229,"license":240,"smitheryVerified":229},"MIT",{"hasCi":229,"hasTests":229},{"updatedAt":243},1778670004700,{"basePath":245,"githubOwner":246,"githubRepo":247,"locale":18,"slug":13,"type":248},".claude/skills/owasp-security","agamm","claude-code-owasp","skill",null,{"evaluate":251,"extract":254},{"promptVersionExtension":207,"promptVersionScoring":208,"score":211,"tags":252,"targetMarket":253,"tier":220},[214,215,216,217,218,219],"global",{"commitSha":255},"HEAD",{"repoId":257,"translatedFrom":258},"kd74m2bazrrzjvvry9rtwmyqe986m74g","k17edjmfhw7c1xc50fyzkj0pm186mbak",{"_creationTime":260,"_id":257,"identity":261,"providers":262,"workflow":288},1778669967160.6086,{"githubOwner":246,"githubRepo":247,"sourceUrl":14},{"classify":263,"discover":275,"github":278},{"commitSha":255,"extensions":264},[265],{"basePath":245,"description":266,"displayName":13,"installMethods":267,"rationale":268,"selectedPaths":269,"source":273,"sourceLanguage":274,"type":248},"Use when reviewing code for security vulnerabilities, implementing authentication/authorization, handling user input, or discussing web application security. Covers OWASP Top 10:2025, ASVS 5.0, LLM Top 10 (2025), and Agentic AI security (2026).",{"claudeCode":12},"SKILL.md frontmatter at .claude/skills/owasp-security/SKILL.md",[270],{"path":271,"priority":272},"SKILL.md","mandatory","rule","en",{"sources":276},[277],"manual",{"closedIssues90d":235,"description":279,"forks":236,"license":240,"openIssues90d":8,"pushedAt":237,"readmeSize":233,"stars":238,"topics":280},"Claude Code skill for OWASP security best practices (2025-2026). Includes Top 10:2025, ASVS 5.0, Agentic AI security, and 20+ language-specific security quirks.",[218,281,282,283,284,285,215,286,214,287],"appsec","asvs","claude","claude-code","claude-skills","secure-coding","vulnerability",{"classifiedAt":289,"discoverAt":290,"extractAt":291,"githubAt":291,"updatedAt":289},1778669970799,1778669967160,1778669968947,[218,219,217,215,214,216],{"evaluatedAt":294,"extractAt":295,"updatedAt":243},1778669990724,1778669971188,[],[298,327,356,386,414,444],{"_creationTime":299,"_id":300,"community":301,"display":302,"identity":308,"providers":311,"relations":320,"tags":323,"workflow":324},1778675056600.2454,"k171v117em7kjw0p5bxy9pn9ss86m1d9",{"reviewCount":8},{"description":303,"installMethods":304,"name":306,"sourceUrl":307},"Use when assessing AI/ML systems for prompt injection, jailbreak vulnerabilities, model inversion risk, data poisoning exposure, or agent tool abuse. Covers MITRE ATLAS technique mapping, injection signature detection, and adversarial robustness scoring.",{"claudeCode":305},"alirezarezvani/claude-skills","AI Security","https://github.com/alirezarezvani/claude-skills",{"basePath":309,"githubOwner":310,"githubRepo":285,"locale":274,"slug":218,"type":248},"engineering-team/skills/ai-security","alirezarezvani",{"evaluate":312,"extract":319},{"promptVersionExtension":207,"promptVersionScoring":208,"score":313,"tags":314,"targetMarket":253,"tier":220},97,[218,217,315,316,317,318],"prompt-injection","vulnerability-assessment","mitre-atlas","threat-detection",{"commitSha":255,"license":240},{"parentExtensionId":321,"repoId":322},"k179s2ynpr6g927zdzf23zrhad86net8","kd7ff9s1w43mfyy1n7hf87816186m6px",[218,217,317,315,318,316],{"evaluatedAt":325,"extractAt":326,"updatedAt":325},1778682974511,1778675056600,{"_creationTime":328,"_id":329,"community":330,"display":331,"identity":337,"providers":341,"relations":349,"tags":352,"workflow":353},1778699018122.7927,"k172qs5m5jvyrgpd8psfrfmz2s86m9vb",{"reviewCount":8},{"description":332,"installMethods":333,"name":335,"sourceUrl":336},"Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.",{"claudeCode":334},"wshobson/agents","secrets-management","https://github.com/wshobson/agents",{"basePath":338,"githubOwner":339,"githubRepo":340,"locale":274,"slug":335,"type":248},"plugins/cicd-automation/skills/secrets-management","wshobson","agents",{"evaluate":342,"extract":348},{"promptVersionExtension":207,"promptVersionScoring":208,"score":343,"tags":344,"targetMarket":253,"tier":220},100,[335,345,346,347,214],"ci-cd","vault","aws-secrets-manager",{"commitSha":255},{"parentExtensionId":350,"repoId":351},"k1748zrty6tytzs86tpyrrbaxn86mfmj","kd74de64zj0axtg5b8t7eqqe2x86nske",[347,345,335,214,346],{"evaluatedAt":354,"extractAt":355,"updatedAt":354},1778700789419,1778699018122,{"_creationTime":357,"_id":358,"community":359,"display":360,"identity":366,"providers":371,"relations":379,"tags":382,"workflow":383},1778698175626.3276,"k17cj6pbcgtrw523a4sw8mhcxn86mzvv",{"reviewCount":8},{"description":361,"installMethods":362,"name":364,"sourceUrl":365},"Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.",{"claudeCode":363},"trailofbits/skills","Semgrep Rule Creator","https://github.com/trailofbits/skills",{"basePath":367,"githubOwner":368,"githubRepo":369,"locale":274,"slug":370,"type":248},"plugins/semgrep-rule-creator/skills/semgrep-rule-creator","trailofbits","skills","semgrep-rule-creator",{"evaluate":372,"extract":378},{"promptVersionExtension":207,"promptVersionScoring":208,"score":343,"tags":373,"targetMarket":253,"tier":220},[374,214,375,376,377],"semgrep","static-analysis","code-quality","developer-tools",{"commitSha":255},{"parentExtensionId":380,"repoId":381},"k1757483sd0rdv04r5773w2tb986mb9g","kd7d5sbrd9m157hjv9c7v4wfyn86mk2f",[376,377,214,374,375],{"evaluatedAt":384,"extractAt":385,"updatedAt":384},1778699451460,1778698175626,{"_creationTime":387,"_id":388,"community":389,"display":390,"identity":396,"providers":400,"relations":407,"tags":410,"workflow":411},1778696595410.5671,"k17anj41t8hgk7k78wc98gw6a186n8ks",{"reviewCount":8},{"description":391,"installMethods":392,"name":394,"sourceUrl":395},"Prevent destructive operations using Claude Code hooks. Three modes — cautious (warn on dangerous commands), lockdown (restrict edits to one directory), and clear (remove restrictions). Uses PreToolUse matchers for Bash, Edit, and Write.",{"claudeCode":393},"rohitg00/pro-workflow","safe-mode","https://github.com/rohitg00/pro-workflow",{"basePath":397,"githubOwner":398,"githubRepo":399,"locale":274,"slug":394,"type":248},"skills/safe-mode","rohitg00","pro-workflow",{"evaluate":401,"extract":406},{"promptVersionExtension":207,"promptVersionScoring":208,"score":343,"tags":402,"targetMarket":253,"tier":220},[214,403,404,376,405],"guardrails","operations","hooks",{"commitSha":255},{"parentExtensionId":408,"repoId":409},"k17fxtjcfh5gvxdrhv2dmgn1t986mdhv","kd7am4e918eq98hrd9s31jm4vs86nn0b",[376,403,405,404,214],{"evaluatedAt":412,"extractAt":413,"updatedAt":412},1778696971063,1778696595410,{"_creationTime":415,"_id":416,"community":417,"display":418,"identity":424,"providers":429,"relations":437,"tags":440,"workflow":441},1778695116697.1829,"k17dqmn88r6143c75adk6b21mn86nxy9",{"reviewCount":8},{"description":419,"installMethods":420,"name":422,"sourceUrl":423},"Meta's 86M prompt injection and jailbreak detector. Filters malicious prompts and third-party data for LLM apps. 99%+ TPR, \u003C1% FPR. Fast (\u003C2ms GPU). Multilingual (8 languages). Deploy with HuggingFace or batch processing for RAG security.",{"claudeCode":421},"Orchestra-Research/AI-Research-SKILLs","Prompt Guard","https://github.com/Orchestra-Research/AI-Research-SKILLs",{"basePath":425,"githubOwner":426,"githubRepo":427,"locale":274,"slug":428,"type":248},"07-safety-alignment/prompt-guard","Orchestra-Research","AI-Research-SKILLs","prompt-guard",{"evaluate":430,"extract":436},{"promptVersionExtension":207,"promptVersionScoring":208,"score":343,"tags":431,"targetMarket":253,"tier":220},[432,315,433,434,214,435],"safety-alignment","jailbreak-detection","input-validation","content-filtering",{"commitSha":255,"license":240},{"parentExtensionId":438,"repoId":439},"k17155ws9qc0hw7a568bg79sfd86max8","kd70hj1y80mhra5xm5g188j5n586mg18",[435,434,433,315,432,214],{"evaluatedAt":442,"extractAt":443,"updatedAt":442},1778696253838,1778695116697,{"_creationTime":445,"_id":446,"community":447,"display":448,"identity":454,"providers":458,"relations":466,"tags":468,"workflow":469},1778695753353.633,"k17fxb9fnez7bhk0sy8znxzx8n86m48r",{"reviewCount":8},{"description":449,"installMethods":450,"name":452,"sourceUrl":453},"Drift detection + baseline integrity guard for agent workspace files with automatic alerting support",{"claudeCode":451},"prompt-security/clawsec","soul-guardian","https://github.com/prompt-security/clawsec",{"basePath":455,"githubOwner":456,"githubRepo":457,"locale":274,"slug":452,"type":248},"skills/soul-guardian","prompt-security","clawsec",{"evaluate":459,"extract":465},{"promptVersionExtension":207,"promptVersionScoring":208,"score":343,"tags":460,"targetMarket":253,"tier":220},[214,461,462,463,464],"integrity","auditing","file-guard","workspace",{"commitSha":255},{"repoId":467},"kd72phsqkbk8w57ctvf7ac9nqs86n9t4",[462,463,461,214,464],{"evaluatedAt":470,"extractAt":471,"updatedAt":470},1778696065248,1778695753353]