What types of vulnerabilities can this skill detect?

It identifies common risks including SQL injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), insecure authentication, and sensitive data exposure.

What is the OWASP Security Reviewer skill?

It is a specialized capability for Claude Code that enables automated security audits and implementation guidance based on the industry-standard OWASP Top 10 framework.

Does it help with dependency management?

Yes, it includes built-in checklists and guidance for auditing third-party packages using tools like npm or yarn audit to find known vulnerabilities.

Does it support Japanese language security queries?

Yes, the skill is configured to trigger on both English and Japanese security-related keywords such as '脆弱性' (vulnerability) and 'セキュリティ' (security).

When should I use this skill?

Use it during code reviews, before major releases, or whenever you are implementing sensitive features like login systems, database queries, or API endpoints.

OWASP Security Reviewer

Name: OWASP Security Reviewer
Author: thkt

bythkt

•

セキュリティとテスト

Conducts comprehensive security audits and vulnerability detection based on the OWASP Top 10 framework.

The reviewing-security skill empowers Claude to perform in-depth security analysis by identifying vulnerabilities like SQL injection, XSS, and CSRF while enforcing OWASP Top 10 best practices. It provides a structured methodology for auditing authentication flows, data protection strategies, and input validation, making it an essential tool for developers aiming to build resilient, production-ready applications with defense-in-depth principles.

主な機能

01Detection of injection vulnerabilities (SQL, XSS, CSRF, SSRF)

02Authentication and session management security review

03OWASP Top 10 compliance auditing

043 GitHub stars

05Automated dependency vulnerability scanning guidance

06Sensitive data protection and encryption validation

ユースケース

01Hardening authentication and authorization logic

02Pre-deployment security audits for web applications

03Identifying and mitigating injection risks in legacy codebases

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add thkt/claude-config reviewing-security

For use in Claude.ai and ChatGPT

Download Skill