OWASP Audit Skill

Skill

Deep OWASP Top 10 audit with remediation playbooks and CWE references.

4.8(168)48.2k installs2.1k likesUpdated 1 month ago

Low riskApache-2.0Security reviewedOpen Source

OWASP Audit Skill

A structured OWASP Top 10 (2021) audit packaged as a Claude skill. Each finding is mapped to its OWASP category, CWE id, severity, and a remediation playbook.

Coverage

A01 Broken Access Control · A02 Cryptographic Failures · A03 Injection · A04 Insecure Design · A05 Security Misconfiguration · A06 Vulnerable Components · A07 Auth Failures · A08 Integrity Failures · A09 Logging Failures · A10 SSRF

How it works

The skill walks your repository, builds a category-by-category report, and produces a compliance-style summary you can attach to a release.

bash

npx nuclexa install owasp-audit --target claude-code

Output

Each finding includes: OWASP category · CWE · severity · evidence · fix.

Demo

owasp-audit — preview

Interactive demo coming soon

A short walkthrough of OWASP Audit Skill in action will appear here.

Supported platforms

CCClaude CodeCDClaude Desktop

Installation

Install or export OWASP Audit Skill for any platform it supports.

Claude Code

$ npx nuclexa install owasp-audit --target claude-code

Claude Desktop

$ npx nuclexa install owasp-audit --target claude-desktop

Required permissions

Low risk

Read files
Read files in the workspace.
Write files
Create or modify files in the workspace.
Run shell commands
Execute commands in your shell.
Network access
Make outbound network requests.
Access environment variables
Read process environment variables.
Access browser
Control a browser session.
Access git history
Read commit history and diffs.
Access secrets
Read configured secrets and tokens.

Compatibility

How OWASP Audit Skill behaves across supported runtimes.

Platform	Status	Install method
CCClaude Code	Supported	CLI install
CDClaude Desktop	Supported	Desktop install

License & safety

License

Apache-2.0Open source — free for commercial use.

Safety note

Every install shows its full permission scope before it runs. This package has been security reviewed by Nuclexa.

Platform

Status

Install method

CCClaude Code

Supported

CLI install

CDClaude Desktop

Supported

Desktop install