ask-owasp-security-review
2
Total installs
2
Weekly installs
#69029
Site-wide rank
Install command
npx skills add https://github.com/navanithans/agent-skill-kit --skill ask-owasp-security-review
Agent install distribution
qoder
2
gemini-cli
2
replit
2
antigravity
2
codebuddy
2
qwen-code
2
Skill documentation
OWASP Security Review Protocol
<critical_constraints>
- NO code execution or dynamic analysis.
- NO false positives. Only report with evidence.
- MUST map findings to OWASP Top 10.
- MUST provide Severity, Location, and Remediation.
</critical_constraints>
- Context Analysis: Identify language/framework. Trace data flow (Source → Sink).
- Vulnerability Scan:
  - Check input validation and authorization (Injection, Broken Access Control).
  - Check for hardcoded secrets (Cryptographic Failures).
  - Check logging for missing security events and PII in log lines (Logging Failures).
- Report Generation: Format findings in a Markdown table. If none, state "No immediate risks found".
- <validation_gate>: Run validation script. Ensure no errors.
- Remediation: Provide corrected code for Critical/High issues.
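The Remediation step asks for corrected code beside each Critical/High finding. The following is an added example of what that pairing looks like for A03 (SQL injection) and A01 (path traversal); it is not code from the skill or its assets, and the users table, the reports directory and the file names are constructed for the demonstration:

```python
import os
import sqlite3
import tempfile

def make_db():
    """Constructed in-memory users table for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "user")])
    return conn

# A03 Injection, as found: untrusted `name` is spliced into the SQL text.
def find_user_vulnerable(conn, name):
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

# A03 remediation: bound parameter; the driver never parses `name` as SQL.
def find_user_fixed(conn, name):
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()

# A01 Broken Access Control, as found: `filename` may contain "../" or be absolute.
def read_report_vulnerable(base_dir, filename):
    with open(os.path.join(base_dir, filename), "rb") as f:
        return f.read()

def safe_path(base_dir, filename):
    """A01 remediation: resolve the path and refuse anything outside base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, filename))
    if os.path.commonpath([base, target]) != base:
        raise PermissionError(f"path escapes base directory: {filename!r}")
    return target

def read_report_fixed(base_dir, filename):
    with open(safe_path(base_dir, filename), "rb") as f:
        return f.read()

def traversal_demo():
    """Constructed layout: reports/q1.txt is allowed, ../secret.txt is not.
    Returns (bytes leaked by the vulnerable reader, whether the fixed reader
    refused the traversal, bytes the fixed reader returns for a legit name)."""
    with tempfile.TemporaryDirectory() as tmp:
        reports = os.path.join(tmp, "reports")
        os.mkdir(reports)
        with open(os.path.join(reports, "q1.txt"), "wb") as f:
            f.write(b"ok")
        with open(os.path.join(tmp, "secret.txt"), "wb") as f:
            f.write(b"TOP SECRET")
        leaked = read_report_vulnerable(reports, "../secret.txt")
        try:
            read_report_fixed(reports, "../secret.txt")
            blocked = False
        except PermissionError:
            blocked = True
        return leaked, blocked, read_report_fixed(reports, "q1.txt")
```

A report entry for the first function would read `SQL injection | A03 | Critical | app.py:<line of find_user_vulnerable> | user input concatenated into SQL | use a bound parameter as in find_user_fixed`. The payload `' OR '1'='1` returns every row from the vulnerable query and nothing from the fixed one; `../secret.txt` is read by the vulnerable reader and rejected by the fixed one, which also rejects absolute paths because `os.path.join` discards `base` when the second argument is absolute.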
<owasp_checklist>
- A01 Broken Access: IDOR, path traversal.
- A02 Crypto Failures: Weak keys/algos.
- A03 Injection: SQLi, XSS, Command Injection.
- A04 Insecure Design: No rate limiting.
- A05 Misconfig: Default creds, verbose errors.
- A06 Vulnerable Components: Old libs.
- A07 Auth Failures: Weak passwords.
- A08 Integrity: Insecure deserialization.
- A09 Logging: Missing logs, PII in logs.
- A10 SSRF: Unvalidated URLs.
</owasp_checklist>
<output_template>
Security Audit Results
| Vuln | OWASP | Sev | Loc | Desc | Fix |
|---|---|---|---|---|---|
| Name | Cat | High | File:10 | Issue | Fix |
Summary
[Risk assessment]
</output_template>
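The Context Analysis and Vulnerability Scan steps (source → sink tracing, hardcoded secrets) and the output template above describe a purely static review. The block below is an added example, not the skill's own code, of carrying that out mechanically over a constructed Python module and emitting the table in the template's layout. It assumes a Flask-style `request` object as the only taint source, `execute`/`executemany` and `os.system`/`os.popen` as the only sinks, and a name-based heuristic for secrets; a real review would widen all three:

```python
import ast
import re

# Constructed sample module under review (not from the page): one hardcoded
# secret, one SQL sink, one shell sink, and one parameterized query to keep quiet about.
SAMPLE_SOURCE = '''
import os, sqlite3
from flask import request

API_KEY = "sk-live-0123456789abcdef"

def lookup(conn):
    uid = request.args.get("id")
    cur = conn.execute("SELECT * FROM users WHERE id = " + uid)
    return cur.fetchall()

def ping():
    host = request.form["host"]
    os.system("ping -c1 " + host)

def safe(conn):
    uid = request.args.get("id")
    return conn.execute("SELECT * FROM users WHERE id = ?", (uid,)).fetchall()
'''

SECRET_NAME = re.compile(r"secret|password|passwd|token|api_?key", re.I)
SQL_SINKS = {"execute", "executemany"}      # DB-API cursor/connection methods
SHELL_SINKS = {"system", "popen"}           # os.system / os.popen

def is_source(node):
    """Source = any expression that reads from flask's `request` object (assumed)."""
    return any(isinstance(n, ast.Name) and n.id == "request" for n in ast.walk(node))

def is_tainted(node, tainted):
    """True if the expression is, or is built from, a tainted name."""
    if isinstance(node, ast.Name):
        return node.id in tainted
    if isinstance(node, ast.BinOp):                       # "..." + x, "..." % x
        return is_tainted(node.left, tainted) or is_tainted(node.right, tainted)
    if isinstance(node, ast.JoinedStr):                   # f"...{x}"
        return any(isinstance(v, ast.FormattedValue) and is_tainted(v.value, tainted)
                   for v in node.values)
    if isinstance(node, ast.Call):                        # "...".format(x), wrapper(x)
        return any(is_tainted(a, tainted) for a in node.args)
    return False

def scan(source, filename="app.py"):
    """Return findings as (Vuln, OWASP, Sev, Loc, Desc, Fix) tuples."""
    tree = ast.parse(source)
    findings = []
    # A02: string literal assigned to a secret-looking name.
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant) \
                and isinstance(node.value.value, str):
            for t in node.targets:
                if isinstance(t, ast.Name) and SECRET_NAME.search(t.id):
                    findings.append(("Hardcoded secret", "A02", "High",
                                     f"{filename}:{node.lineno}",
                                     f"String literal assigned to {t.id}",
                                     "Read from env/secret store; rotate the exposed value"))
    # A03: per-function taint propagation from `request` to a SQL or shell sink.
    for fn in (n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)):
        tainted, changed = set(), True
        while changed:                                     # fixpoint over assignments
            changed = False
            for node in ast.walk(fn):
                if isinstance(node, ast.Assign) and \
                        (is_source(node.value) or is_tainted(node.value, tainted)):
                    names = {t.id for t in node.targets if isinstance(t, ast.Name)}
                    if not names <= tainted:
                        tainted |= names
                        changed = True
        for node in ast.walk(fn):
            if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                    and node.args and is_tainted(node.args[0], tainted)):
                continue
            loc = f"{filename}:{node.lineno}"
            if node.func.attr in SQL_SINKS:
                findings.append(("SQL injection", "A03", "Critical", loc,
                                 "Request data concatenated into SQL string",
                                 "Use a parameterized query (placeholders + args tuple)"))
            elif node.func.attr in SHELL_SINKS:
                findings.append(("Command injection", "A03", "Critical", loc,
                                 "Request data concatenated into shell command",
                                 "Use subprocess.run([...]) with an argv list, no shell"))
    return findings

def render_report(findings):
    """Emit the report in the <output_template> layout above."""
    lines = ["Security Audit Results", "",
             "| Vuln | OWASP | Sev | Loc | Desc | Fix |", "|---|---|---|---|---|---|"]
    lines += ["| " + " | ".join(f) + " |" for f in findings]
    if not findings:
        lines.append("No immediate risks found")
    lines += ["", "Summary", f"{len(findings)} finding(s) reported."]
    return "\n".join(lines)
```

Running `print(render_report(scan(SAMPLE_SOURCE)))` yields three rows (the secret at `app.py:5`, SQL injection at `app.py:9`, command injection at `app.py:14`) and no row for `safe`, since its first `execute` argument is a constant and the request data travels only in the bound-parameter tuple. That distinction is what the "no false positives, evidence only" constraint demands: the evidence for each row is a concrete source-to-sink path, not the mere presence of `execute`.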
See assets/examples.md.