Downloads: 97
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install raigo-owasp-top-10-llm
Description
RAIGO × OWASP LLM Top 10 — official OWASP LLM Application Security Top 10 (2025) enforcement rules for OpenClaw agents. Covers all 10 OWASP LLM risks: prompt...
Usage Guidance
This appears to be a coherent, instruction-only OWASP LLM enforcement skill and does not request secrets or install code — that lowers its risk. Before enabling it broadly: (1) verify the skill's provenance (the homepage is provided but the source is 'unknown'); (2) test it in a safe environment to confirm the agent enforces the deny/warn responses as intended; (3) review and, if needed, customize the deny/warn messages and any auditing outputs so they don't accidentally expose sensitive context; and (4) remember instruction-only skills rely on the host agent to implement them correctly, so ensure the agent’s runtime and tooling cannot be bypassed or misconfigured in ways that defeat these rules.
Capability Analysis
Type: OpenClaw Skill
Name: raigo-owasp-top-10-llm
Version: 1.0.0
The skill bundle (raigo-owasp-top-10-llm) is a defensive security tool designed to implement the OWASP Top 10 for LLM Applications (2025) guardrails within an OpenClaw agent. The SKILL.md file contains instructions for the agent to detect and block prompt injection (LLM01), prevent sensitive data disclosure (LLM02), and require user confirmation before executing generated code (LLM05). No malicious logic, data exfiltration, or unauthorized execution patterns were identified; the content is entirely focused on enhancing the agent's security posture.
Capability Assessment
Purpose & Capability
The name and description claim an OWASP Top-10 enforcement policy and the SKILL.md contains rule definitions and concrete deny/warn responses. There are no unexpected binaries, env vars, or install steps requested — this matches the stated intent.
Instruction Scope
The instructions are policy/rule text that tell the agent when to block, warn, or audit; they do not request unrelated system files, credentials, or remote downloads. The file enumerates prompt-injection phrases (e.g., "ignore previous instructions") as detection patterns — this triggered the scanner but is appropriate here because the skill intends to detect/deny those patterns. Verify the agent runtime actually enforces these rules as written.
Install Mechanism
There is no install spec and no code to download or execute. Being instruction-only minimizes installation risk.
Credentials
The skill declares no required env vars, credentials, or config paths. That is proportionate to an enforcement/policy skill.
Persistence & Privilege
Flags are default (not always:true). The skill is user-invocable and allows model invocation (platform default) but does not request elevated persistent privileges or modify other skills.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install raigo-owasp-top-10-llm
- After installation, invoke the skill by name or use /raigo-owasp-top-10-llm
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release with enforcement rules for the official OWASP LLM Application Security Top 10 (2025).
- Maps each of the 10 OWASP LLM risks (including prompt injection, sensitive information disclosure, output handling, model poisoning, supply chain, and others) directly to practical deny/warn/audit rules.
- Includes clear detection patterns and required responses for each risk.
- Designed for seamless integration with OpenClaw agents; works standalone or alongside raigo Agent Firewall.
- No engine, compile step, or extra configuration required—works out of the box for OWASP LLM compliance.
Frequently Asked Questions
What is OWASP Top 10 AI?
RAIGO × OWASP LLM Top 10 — official OWASP LLM Application Security Top 10 (2025) enforcement rules for OpenClaw agents. Covers all 10 OWASP LLM risks: prompt... It is an AI Agent Skill for Claude Code / OpenClaw, with 97 downloads so far.
How do I install OWASP Top 10 AI?
Run "/install raigo-owasp-top-10-llm" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is OWASP Top 10 AI free?
Yes, OWASP Top 10 AI is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does OWASP Top 10 AI support?
OWASP Top 10 AI is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created OWASP Top 10 AI?
It is built and maintained by musharsec (@musharsec); the current version is v1.0.0.