0x-professor

Cyber Owasp Review

cross-platform ⚠ suspicious
Downloads 546
Stars 0
Active Installs 2
Versions 1
Install in OpenClaw
/install cyber-owasp-review
Description
Map application security findings to OWASP Top 10 categories and generate remediation checklists. Use for normalized AppSec review outputs and category-level...
README (SKILL.md)

Cyber OWASP Review

Overview

Normalize application security findings into OWASP categories and produce remediation actions.

Workflow

  1. Ingest raw findings from scanners, tests, or reviews.
  2. Map findings to OWASP categories using keyword and context matching.
  3. Aggregate findings by category and severity.
  4. Produce category-specific remediation checklist output.
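The four workflow steps as an added example (not the skill's bundled map_findings_to_owasp.py): the keyword table, remediation actions and sample findings are constructed for illustration, and step 2 uses keyword matching only, without the context heuristics the reference guide may add.

```python
"""Keyword mapping of findings to OWASP Top 10 (2021) categories, aggregated
by category and severity into a remediation checklist."""
from collections import defaultdict

# Constructed heuristic table (an assumption, not the skill's reference guide):
# categories are checked in order and the first keyword hit wins.
OWASP_KEYWORDS = [
    ("A03:2021 Injection", ("sql injection", "sqli", "command injection", "xss")),
    ("A01:2021 Broken Access Control", ("idor", "path traversal", "missing authorization")),
    ("A05:2021 Security Misconfiguration", ("default credential", "debug mode", "directory listing")),
]
REMEDIATION = {  # constructed remediation actions per category
    "A03:2021 Injection": ["Use parameterized queries.", "Encode output for its HTML context."],
    "A01:2021 Broken Access Control": ["Enforce server-side authorization on every object.",
                                       "Canonicalize file paths and confine them to a base directory."],
    "A05:2021 Security Misconfiguration": ["Disable debug features; rotate default credentials."],
}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}
SAMPLE_FINDINGS = [  # constructed stand-in for scanner output
    {"title": "SQL injection in /login username parameter", "severity": "high"},
    {"title": "Path traversal via --input argument", "severity": "medium"},
    {"title": "Reflected XSS in search page", "severity": "medium"},
    {"title": "Debug mode enabled in production", "severity": "low"},
]

def map_finding(title: str) -> str:
    """Step 2: first OWASP category whose keyword appears in the title."""
    text = title.lower()
    for category, keywords in OWASP_KEYWORDS:
        if any(keyword in text for keyword in keywords):
            return category
    return "Unmapped"

def aggregate(findings) -> dict:
    """Step 3: {category: {severity: count}} over the findings."""
    counts = defaultdict(lambda: defaultdict(int))
    for finding in findings:
        severity = finding.get("severity", "medium").lower()
        counts[map_finding(finding["title"])][severity] += 1
    return {cat: dict(sev) for cat, sev in counts.items()}

def checklist(findings) -> list:
    """Step 4: Markdown checklist lines, worst-severity category first."""
    agg = aggregate(findings)
    lines = []
    for cat in sorted(agg, key=lambda c: min(SEVERITY_RANK.get(s, 9) for s in agg[c])):
        lines.append(f"## {cat} ({sum(agg[cat].values())} finding(s))")
        for action in REMEDIATION.get(cat, ["Triage manually; no heuristic matched."]):
            lines.append(f"- [ ] {action}")
    return lines
```

Anything that hits no keyword lands in "Unmapped", which is the bucket to review by hand before trusting the category counts.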

Use Bundled Resources

  • Run scripts/map_findings_to_owasp.py for deterministic mapping.
  • Read references/owasp-mapping-guide.md for category heuristics.

Guardrails

  • Keep guidance remediation-focused.
  • Do not provide exploit payloads or offensive attack playbooks.
Usage Guidance
This skill appears coherent and low-risk: the included Python script reads a local JSON payload (limited to 1 MB), maps finding titles to OWASP categories using simple keyword matching, and writes a local output (json/md/csv). Before installing or running it: review the script (already present) to confirm it meets your needs; test with non-sensitive sample findings because scanner outputs can contain IPs, tokens, or PII; be aware the classifier is heuristic/keyword-based and may misclassify—consider enhancing heuristics if you need higher accuracy; run it in an isolated environment if you distrust the unknown publisher (no homepage/author info is provided).
Capability Analysis
Type: OpenClaw Skill
Name: cyber-owasp-review
Version: 0.1.0
The skill is classified as suspicious due to a path traversal vulnerability in `scripts/map_findings_to_owasp.py`. The script accepts `--input` and `--output` file paths directly from command-line arguments without sanitization, allowing an attacker to specify arbitrary file paths (e.g., `../../../../etc/passwd`) to read or write files outside the intended working directory. While the script's core functionality is benign and there's no evidence of intentional malicious behavior (like data exfiltration or remote execution), this vulnerability could be exploited by a malicious actor or a compromised agent to achieve arbitrary file read/write.
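A hardened way to take the `--input`/`--output` arguments, added here as an example rather than a patch to the skill's script: the base directory, function names and the `/srv/appsec/workdir` path in the comments are assumptions; the 1 MB input cap mirrors the listing's description.

```python
"""Confine user-supplied --input/--output paths to a working directory.

The flagged pattern opens whatever path the argument names, so a value like
'../../../../etc/passwd' is used as given. Resolving the argument against a
base directory and rejecting anything that lands outside it closes that hole.
"""
from pathlib import Path

MAX_INPUT_BYTES = 1_000_000  # mirrors the 1 MB cap described in the listing

def confine_path(base_dir: str, user_path: str) -> Path:
    """Resolve user_path under base_dir and refuse anything that escapes it.

    Path.resolve() collapses '..' segments and follows existing symlinks, so
    both relative escapes and absolute paths such as '/etc/passwd' end up
    outside base_dir and are rejected before any file is opened.
    """
    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()
    if candidate != base and base not in candidate.parents:
        raise ValueError(f"path escapes working directory: {user_path!r}")
    return candidate

def is_confined(base_dir: str, user_path: str) -> bool:
    """True when user_path stays inside base_dir (no file access needed)."""
    try:
        confine_path(base_dir, user_path)
        return True
    except ValueError:
        return False

def read_findings(base_dir: str, user_path: str) -> bytes:
    """Read the findings file only after confining the path and checking size."""
    path = confine_path(base_dir, user_path)
    if not path.is_file():
        raise FileNotFoundError(path)
    if path.stat().st_size > MAX_INPUT_BYTES:
        raise ValueError("input exceeds 1 MB limit")
    return path.read_bytes()

def write_report(base_dir: str, user_path: str, data: str) -> Path:
    """Write the output only inside base_dir, creating parent dirs as needed."""
    path = confine_path(base_dir, user_path)  # e.g. base /srv/appsec/workdir
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(data)
    return path
```

Because the check runs on the resolved path, a symlink inside the working directory that points elsewhere is also rejected, which is the case a plain string-prefix check misses.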
Capability Assessment
Purpose & Capability
Name/description match the included resources: SKILL.md describes mapping findings, and the repo includes a mapping script and an OWASP heuristics reference. The Python script implements keyword-based classification and checklist generation, which is coherent for this purpose.
Instruction Scope
SKILL.md limits runtime actions to running the bundled script and reading the local reference doc. The instructions do not ask the agent to read unrelated files, access environment variables, or contact external endpoints.
Install Mechanism
No install spec is provided (instruction-only with bundled script). Nothing is downloaded or extracted from external URLs; risk from install mechanism is minimal.
Credentials
No required environment variables, credentials, or config paths are declared and the code does not attempt to access such values. The skill does not require secrets or cloud credentials to perform its stated task.
Persistence & Privilege
The skill does not request persistent/system-wide presence (always:false) and does not modify other skills or global agent settings. It runs as a local script with no autonomous privilege escalations.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install cyber-owasp-review
  3. After installation, invoke the skill by name or use /cyber-owasp-review
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
- Initial release of cyber-owasp-review.
- Maps application security findings to OWASP Top 10 categories.
- Generates remediation checklists grouped by category and severity.
- Includes scripts and guides for deterministic mapping and category heuristics.
- Focuses strictly on remediation—no exploit or offensive guidance provided.
Metadata
Slug cyber-owasp-review
Version 0.1.0
License
All-time Installs 3
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is Cyber Owasp Review?

Map application security findings to OWASP Top 10 categories and generate remediation checklists. Use for normalized AppSec review outputs and category-level... It is an AI Agent Skill for Claude Code / OpenClaw, with 546 downloads so far.

How do I install Cyber Owasp Review?

Run "/install cyber-owasp-review" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Cyber Owasp Review free?

Yes, Cyber Owasp Review is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Cyber Owasp Review support?

Cyber Owasp Review is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Cyber Owasp Review?

It is built and maintained by Muhammad Mazhar Saeed (@0x-professor); the current version is v0.1.0.
