musharsec

OWASP Top 10 AI

Author: musharsec · GitHub · v1.0.0 · MIT-0
Platform: cross-platform (⚠ suspicious)
Total downloads: 97
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw:
/install raigo-owasp-top-10-llm
Description
RAIGO × OWASP LLM Top 10 — official OWASP LLM Application Security Top 10 (2025) enforcement rules for OpenClaw agents. Covers all 10 OWASP LLM risks: prompt...
Safe-use recommendations
This appears to be a coherent, instruction-only OWASP LLM enforcement skill and does not request secrets or install code — that lowers its risk. Before enabling it broadly: (1) verify the skill's provenance (the homepage is provided but the source is 'unknown'); (2) test it in a safe environment to confirm the agent enforces the deny/warn responses as intended; (3) review and, if needed, customize the deny/warn messages and any auditing outputs so they don't accidentally expose sensitive context; and (4) remember instruction-only skills rely on the host agent to implement them correctly, so ensure the agent’s runtime and tooling cannot be bypassed or misconfigured in ways that defeat these rules.
Functional analysis
Type: OpenClaw Skill
Name: raigo-owasp-top-10-llm
Version: 1.0.0
The skill bundle (raigo-owasp-top-10-llm) is a defensive security tool designed to implement the OWASP Top 10 for LLM Applications (2025) guardrails within an OpenClaw agent. The SKILL.md file contains instructions for the agent to detect and block prompt injection (LLM01), prevent sensitive data disclosure (LLM02), and require user confirmation before executing generated code (LLM05). No malicious logic, data exfiltration, or unauthorized execution patterns were identified; the content is entirely focused on enhancing the agent's security posture.
Capability assessment
Purpose & Capability
The name and description claim an OWASP Top-10 enforcement policy and the SKILL.md contains rule definitions and concrete deny/warn responses. There are no unexpected binaries, env vars, or install steps requested — this matches the stated intent.
Instruction Scope
The instructions are policy/rule text that tell the agent when to block, warn, or audit; they do not request unrelated system files, credentials, or remote downloads. The file enumerates prompt-injection phrases (e.g., "ignore previous instructions") as detection patterns — this triggered the scanner but is appropriate here because the skill intends to detect/deny those patterns. Verify the agent runtime actually enforces these rules as written.
Install Mechanism
There is no install spec and no code to download or execute. Being instruction-only minimizes installation risk.
Credentials
The skill declares no required env vars, credentials, or config paths. That is proportionate to an enforcement/policy skill.
Persistence & Privilege
Flags are default (not always:true). The skill is user-invocable and allows model invocation (platform default) but does not request elevated persistent privileges or modify other skills.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment).
  2. Enter the install command in the chat box: /install raigo-owasp-top-10-llm
  3. Once installed, call the Skill by name directly or trigger it with /raigo-owasp-top-10-llm.
  4. Provide the required input according to the Skill's parameter description to get structured output.
Version history
v1.0.0
- Initial release with enforcement rules for the official OWASP LLM Application Security Top 10 (2025).
- Maps each of the 10 OWASP LLM risks (including prompt injection, sensitive information disclosure, output handling, model poisoning, supply chain, and others) directly to practical deny/warn/audit rules.
- Includes clear detection patterns and required responses for each risk.
- Designed for seamless integration with OpenClaw agents; works standalone or alongside raigo Agent Firewall.
- No engine, compile step, or extra configuration required; works out of the box for OWASP LLM compliance.
Metadata
Slug: raigo-owasp-top-10-llm
Version: 1.0.0
License: MIT-0
Total installs: 0
Current installs: 0
Number of versions: 1
FAQ

What is OWASP Top 10 AI?

RAIGO × OWASP LLM Top 10 — official OWASP LLM Application Security Top 10 (2025) enforcement rules for OpenClaw agents. Covers all 10 OWASP LLM risks: prompt... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 97 downloads to date.

How do I install OWASP Top 10 AI?

Run the command "/install raigo-owasp-top-10-llm" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.

Is OWASP Top 10 AI free?

Yes, OWASP Top 10 AI is completely free. It is licensed under MIT-0 and can be freely downloaded, installed and used.

Which platforms does OWASP Top 10 AI support?

OWASP Top 10 AI runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed OWASP Top 10 AI?

Developed and maintained by musharsec (@musharsec); the current version is v1.0.0.
