Skills tagged with #owasp

@tomascupr

OWASP Top 10 Review Checklist

Use this checklist when auditing application code, configuration, and deployment surfaces.

tomascupr/sandstorm +1 more
18d ago
4260
@jefflester

api-security

API security best practices and common vulnerability prevention. Enforces security checks for authentication, input validation, SQL injection, XSS, and OWASP Top 10 vulnerabilities. Use when building or modifying APIs.

jefflester/claude-skills-supercharged
18d ago
370
@securityscan-api
MCP

SecurityScan

Scan GitHub-hosted AI skills for vulnerabilities: prompt injection, malware, OWASP LLM Top 10.

mcp github api ai llm
securityscan-api/securityscan-api
19d ago
0
@agamm

owasp-security

Use when reviewing code for security vulnerabilities, implementing authentication/authorization, handling user input, or discussing web application security. Covers OWASP Top 10:2025, ASVS 5.0, and Agentic AI security (2026).

agamm/claude-code-owasp
18d ago
760
@Nomadu27
MCP

InsAIts - AI Communication Security Monitor

Runtime AI-to-AI security monitor. 23 anomaly types, OWASP MCP Top 10 coverage.

mcp github ai rag
Nomadu27/InsAIts
19d ago
0
@eigent-ai

skill-security-auditor

Security auditing for code, configs, and infrastructure. Use when the user wants to audit or improve security: scan for vulnerabilities (SQL injection, XSS, command injection, path traversal), detect hardcoded secrets and credentials, review auth and authorization, check dependencies for known CVEs, audit config files for insecure defaults, or generate security reports. Trigger on "security audit", "vulnerability scan", "code review for security", "find secrets", "check for vulnerabilities", "OWASP", "CVE", or questions about code security.

eigent-ai/eigent
18d ago
13.0K0
@SnailSploit

offensive-business-logic

Business logic vulnerability testing for web/mobile/API engagements. Covers workflow bypass, state machine violations, multi-step process abuse, price/quantity/discount manipulation, currency confusion, coupon stacking, refund/chargeback abuse, race conditions on logic boundaries, parameter tampering for hidden flows, role/tenant boundary violations, time-of-check vs use, anti-automation defeat, fraud-detection evasion, and subscription/quota abuse. Use when scoping an application after surface-level OWASP Top 10 has been covered, or when the asset is a transactional/marketplace/fintech/e-commerce/SaaS app where logic flaws produce direct financial impact.

SnailSploit/Claude-Red +23 more
3d ago
1.2K0