Cyber Owasp Review
Author: Muhammad Mazhar Saeed (GitHub) · v0.1.0
546 total downloads · 0 favorites · 2 current installs · 1 version
Install in OpenClaw: /install cyber-owasp-review
Description
Map application security findings to OWASP Top 10 categories and generate remediation checklists. Use for normalized AppSec review outputs and category-level...
Usage (SKILL.md)
Cyber OWASP Review
Overview
Normalize application security findings into OWASP categories and produce remediation actions.
Workflow
- Ingest raw findings from scanners, tests, or reviews.
- Map findings to OWASP categories using keyword and context matching.
- Aggregate findings by category and severity.
- Produce category-specific remediation checklist output.
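The four workflow steps above, carried through as an added worked example in Python. This is an illustration written for this page, not the skill's bundled scripts/map_findings_to_owasp.py: the category names are the OWASP Top 10:2021 titles, but the keyword rules, the first-match ordering and the sample findings are assumptions constructed for the example.

```python
"""Keyword-based mapping of AppSec findings to OWASP Top 10:2021 categories.

Added example for this page; not the skill's own mapping script. The category
titles are the official OWASP Top 10:2021 names; the keyword rules and the
sample findings are constructed for the illustration.
"""
from collections import defaultdict

# Ordered rules: the first matching category wins, so specific phrases
# ("ssrf", "sql injection") sit before broad ones ("injection", "authentication").
# These keyword lists are an assumption of this example, not the skill's heuristics.
RULES = [
    ("A10:2021 Server-Side Request Forgery", ("ssrf", "server-side request")),
    ("A03:2021 Injection", ("sql injection", "sqli", "xss", "cross-site scripting",
                            "command injection", "injection")),
    ("A01:2021 Broken Access Control", ("idor", "access control", "authorization bypass",
                                        "privilege escalation", "path traversal", "cors")),
    ("A02:2021 Cryptographic Failures", ("weak cipher", "tls", "plaintext",
                                         "hardcoded secret", "md5", "sha1")),
    ("A07:2021 Identification and Authentication Failures", ("password", "session fixation",
                                                             "brute force", "credential stuffing",
                                                             "authentication")),
    ("A05:2021 Security Misconfiguration", ("debug mode", "default credential",
                                            "directory listing", "misconfig", "verbose error")),
    ("A06:2021 Vulnerable and Outdated Components", ("outdated", "cve-", "vulnerable dependency",
                                                     "end of life")),
    ("A08:2021 Software and Data Integrity Failures", ("deserialization", "unsigned update",
                                                       "integrity")),
    ("A09:2021 Security Logging and Monitoring Failures", ("logging", "audit log", "monitoring")),
    ("A04:2021 Insecure Design", ("business logic", "rate limit", "insecure design")),
]
UNMAPPED = "Unmapped"  # anything no rule matches is kept for manual review, never dropped
SEVERITY_ORDER = ("critical", "high", "medium", "low", "info")


def map_finding(title: str, description: str = "") -> str:
    """Step 2: map one finding to a category by keyword/context matching."""
    text = f"{title} {description}".lower()
    for category, keywords in RULES:
        if any(k in text for k in keywords):
            return category
    return UNMAPPED


def aggregate(findings):
    """Step 3: group titles as {category: {severity: [titles]}}.

    Severity is normalised to lower case; unknown values become 'info' so a
    malformed record still appears in the output instead of raising.
    """
    out = defaultdict(lambda: defaultdict(list))
    for f in findings:
        sev = str(f.get("severity", "info")).lower()
        if sev not in SEVERITY_ORDER:
            sev = "info"
        category = map_finding(f.get("title", ""), f.get("description", ""))
        out[category][sev].append(f.get("title", ""))
    return out


def checklist_markdown(agg) -> str:
    """Step 4: emit a remediation checklist, categories in rule order, worst severity first."""
    lines = []
    for category in [c for c, _ in RULES] + [UNMAPPED]:
        if category not in agg:
            continue
        lines.append(f"## {category}")
        for sev in SEVERITY_ORDER:
            for title in agg[category].get(sev, []):
                lines.append(f"- [ ] ({sev}) {title}")
    return "\n".join(lines)


# Step 1 stand-in: constructed sample findings, not real scanner output.
SAMPLE_FINDINGS = [
    {"title": "SQL injection in /api/search q parameter", "severity": "High"},
    {"title": "Reflected XSS in error page", "severity": "Medium"},
    {"title": "IDOR on /api/invoices/{id}", "severity": "High"},
    {"title": "TLS 1.0 enabled on load balancer", "severity": "Low"},
    {"title": "SSRF via image fetch URL", "severity": "Critical"},
    {"title": "Debug mode enabled in production", "severity": "medium"},
    {"title": "Unusual finding with no keywords", "severity": "bogus"},
]

if __name__ == "__main__":
    print(checklist_markdown(aggregate(SAMPLE_FINDINGS)))
```

Because matching is substring-based and first-match, the rule order decides ambiguous titles (a "command injection via path traversal" lands in A03, not A01), which is exactly the misclassification risk a keyword classifier carries; keeping an explicit "Unmapped" bucket makes the unmatched residue visible for manual triage.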
Use Bundled Resources
- Run `scripts/map_findings_to_owasp.py` for deterministic mapping.
- Read `references/owasp-mapping-guide.md` for category heuristics.
Guardrails
- Keep guidance remediation-focused.
- Do not provide exploit payloads or offensive attack playbooks.
Safe Usage Recommendations
This skill appears coherent and low-risk: the included Python script reads a local JSON payload (capped at 1 MB), maps finding titles to OWASP categories by simple keyword matching, and writes a local output file (json/md/csv). Before installing or running it:
- review the bundled script to confirm it does what you need;
- test with non-sensitive sample findings, since real scanner output can contain IPs, tokens, or PII;
- remember that the classifier is heuristic and keyword-based and can misclassify; extend the heuristics if you need higher accuracy;
- run it in an isolated environment if you do not trust the publisher (the package itself provides no homepage or author information).
Functional Analysis
Type: OpenClaw Skill
Name: cyber-owasp-review
Version: 0.1.0
The skill is classified as suspicious because of a path traversal weakness in `scripts/map_findings_to_owasp.py`. The script takes the `--input` and `--output` file paths straight from its command-line arguments and never checks them against an intended working directory, so whoever controls those arguments (an operator, or an agent acting on attacker-influenced instructions) can point it at arbitrary locations, for example `../../../../etc/passwd`, and read or overwrite any file the invoking user can access. The script's core functionality is benign and there is no evidence of intentional malicious behaviour (no data exfiltration or remote execution), but a malicious actor or a compromised agent could still use this to obtain arbitrary file read/write. The fix is to resolve both paths against a fixed working directory and refuse anything that lands outside it.
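The confinement check described above, together with the 1 MB input cap noted in the safe-usage recommendations, as an added example in Python. This is illustration code written for this page, not the skill's own script: the function names, the temporary directory layout and the exact byte limit are assumptions of the example.

```python
"""Confining CLI-supplied --input/--output paths to a working directory.

Added example for this page, not code from scripts/map_findings_to_owasp.py.
Function names, the constructed directory layout and MAX_INPUT_BYTES are
assumptions of the example.
"""
import json
import tempfile
from pathlib import Path

MAX_INPUT_BYTES = 1_000_000  # assumed value for the "1 MB" cap mentioned on the page


class PathOutsideWorkdir(ValueError):
    """Raised when a user-supplied path resolves outside the allowed directory."""


def confine(path: str, workdir: Path) -> Path:
    """Resolve `path` and refuse it unless it lies inside `workdir`.

    Joining an absolute path onto `base` yields the absolute path itself, so both
    relative ("../secret.txt") and absolute ("/etc/passwd") escapes take the same
    route: resolve() collapses ".." and follows symlinks, then relative_to() fails
    for anything that ended up outside the base.
    """
    base = workdir.resolve()
    candidate = (base / path).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise PathOutsideWorkdir(f"{path!r} resolves outside {base}") from None
    return candidate


def load_findings(input_path: str, workdir: Path) -> list:
    """Read a JSON array of findings from a confined path, enforcing the size cap."""
    p = confine(input_path, workdir)
    size = p.stat().st_size
    if size > MAX_INPUT_BYTES:
        raise ValueError(f"input is {size} bytes, cap is {MAX_INPUT_BYTES}")
    # The file could grow between stat() and read(), so the read itself is capped too.
    with p.open("rb") as fh:
        data = json.loads(fh.read(MAX_INPUT_BYTES))
    if not isinstance(data, list):
        raise ValueError("expected a JSON array of findings")
    return data


def write_output(output_path: str, workdir: Path, text: str) -> Path:
    """Write the report only if the destination stays inside the working directory."""
    p = confine(output_path, workdir)
    p.write_text(text, encoding="utf-8")
    return p


def run_demo() -> dict:
    """Exercise the checks against a constructed layout; returns what was accepted/rejected."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        work = root / "work"
        work.mkdir()
        (root / "secret.txt").write_text("outside the working directory", encoding="utf-8")
        (work / "findings.json").write_text(
            json.dumps([{"title": "demo finding", "severity": "low"}]), encoding="utf-8")

        results["inside_ok"] = len(load_findings("findings.json", work)) == 1

        probes = {
            "relative_escape": "../secret.txt",          # classic dot-dot traversal
            "absolute_escape": str(root / "secret.txt"),  # absolute path outside workdir
            "output_escape": "../../tmp/owned.md",        # write attempt outside workdir
        }
        for name, bad in probes.items():
            try:
                if name == "output_escape":
                    write_output(bad, work, "pwned")
                else:
                    load_findings(bad, work)
                results[name] = "accepted"
            except PathOutsideWorkdir:
                results[name] = "rejected"

        out = write_output("report.md", work, "# ok\n")
        results["output_inside"] = out.parent == work.resolve()
    return results


if __name__ == "__main__":
    print(run_demo())
```

The same `confine()` call guards both the read and the write, which is the point: an unvalidated `--output` is the more dangerous half, since overwriting a file the invoking user owns (a shell profile, an agent config) is a step toward code execution rather than just disclosure.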
Capability Assessment
Purpose & Capability
Name/description match the included resources: SKILL.md describes mapping findings and the repo includes a mapping script and an OWASP heuristics reference. The Python script implements keyword-based classification and checklist generation which is coherent for this purpose.
Instruction Scope
SKILL.md limits runtime actions to running the bundled script and reading the local reference doc. The instructions do not ask the agent to read unrelated files, access environment variables, or contact external endpoints.
Install Mechanism
No install spec is provided (instruction-only with bundled script). Nothing is downloaded or extracted from external URLs; risk from install mechanism is minimal.
Credentials
No required environment variables, credentials, or config paths are declared and the code does not attempt to access such values. The skill does not require secrets or cloud credentials to perform its stated task.
Persistence & Privilege
The skill does not request persistent/system-wide presence (always:false) and does not modify other skills or global agent settings. It runs as a local script with no autonomous privilege escalations.
How to Use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install cyber-owasp-review
- Once installed, invoke the skill by name or trigger it with /cyber-owasp-review
- Provide the inputs described in the skill's parameters to receive structured output
Version History
v0.1.0
- Initial release of cyber-owasp-review.
- Maps application security findings to OWASP Top 10 categories.
- Generates remediation checklists grouped by category and severity.
- Includes scripts and guides for deterministic mapping and category heuristics.
- Focuses strictly on remediation—no exploit or offensive guidance provided.
FAQ
What is Cyber Owasp Review?
Map application security findings to OWASP Top 10 categories and generate remediation checklists. Use for normalized AppSec review outputs and category-level... It is an AI agent skill plugin for Claude Code / OpenClaw, with 546 downloads to date.
How do I install Cyber Owasp Review?
Run the command /install cyber-owasp-review in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.
Is Cyber Owasp Review free?
Yes, Cyber Owasp Review is completely free (open source) and can be freely downloaded, installed and used.
Which platforms does Cyber Owasp Review support?
Cyber Owasp Review is cross-platform and runs in any environment where OpenClaw / Claude Code is deployed.
Who developed Cyber Owasp Review?
Developed and maintained by Muhammad Mazhar Saeed (@0x-professor); current version v0.1.0.