Can I use this skill for automated security reviews?

Absolutely. It is designed for use by a 'security-auditor' agent to scan repositories, identify common pitfalls, and suggest mitigations before code reaches production.

How does it handle JWT and authentication security?

It implements advanced security measures such as hardcoded algorithm verification, mandatory claim validation (exp, iat, iss, aud), and cookie-based fingerprinting to prevent token sidejacking.

Does this skill provide actual code fixes for vulnerabilities?

Yes, it provides production-ready code examples and implementation patterns for various frameworks to help you transition from vulnerable to secure code instantly.

OWASP Top 10 Security Auditor

Name: OWASP Top 10 Security Auditor
Author: yonatangross

byyonatangross

•

セキュリティとテスト

Audit and secure codebases against the most critical web application security risks using industry-standard mitigation patterns.

The OWASP Top 10 skill transforms Claude into a specialized security auditor capable of identifying and remediating the most prevalent vulnerabilities in modern web applications. It provides actionable guidance and production-ready code patterns to prevent broken access control, cryptographic failures, injection attacks, and insecure design. Whether you are conducting a comprehensive security audit, implementing hardened authentication via JWT, or reviewing code for server-side request forgery (SSRF), this skill ensures your implementation aligns with global security benchmarks and defensive coding best practices.

主な機能

01Detection and remediation of all OWASP Top 10 vulnerability categories

02Hardened JWT implementation patterns with sidejacking protection

03Secure credential management using Argon2 and BCrypt hashing

04Parameterized query patterns to prevent SQL and command injection

05Automated security checklists for production deployment readiness

0629 GitHub stars

ユースケース

01Implementing robust authorization and access control logic

02Remediating vulnerabilities identified by dependency scanners like npm audit

03Conducting automated security audits during the development lifecycle

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add yonatangross/skillforge-claude-plugin owasp-top-10

For use in Claude.ai and ChatGPT

Download Skill