Does it perform dynamic testing (DAST)?

No, this is a static analysis tool (SAST) that examines source code patterns. It does not execute the application or perform runtime penetration testing.

What security standards does this skill follow?

The skill primarily targets the OWASP Top 10 2025 framework, covering critical categories such as Broken Access Control, Injection, and Cryptographic Failures.

What kind of report does the skill generate?

It generates a comprehensive Markdown report including a summary of findings, severity prioritization (Critical to Low), detailed code snippets, and remediation recommendations.

Does this skill automatically fix security bugs?

No, this skill is analysis-only. It identifies vulnerabilities and suggests multiple fix approaches but does not modify your source code to ensure developer control and safety.

Can I scan just the changes in a specific Pull Request?

Yes, you can provide a PR number or a commit SHA as an argument to limit the scan scope specifically to the files that have changed.

OWASP Security Reviewer

Name: OWASP Security Reviewer
Author: mgiovani

bymgiovani

•

安全与测试

Performs automated security audits and OWASP Top 10 compliance checks on pull requests, commits, or entire codebases.

The OWASP Security Reviewer skill transforms Claude into a sophisticated security analyst capable of identifying critical vulnerabilities based on the OWASP Top 10 2025 standards. By deploying parallel specialized agents, it scans code for injection flaws, broken access control, cryptographic failures, and language-specific anti-patterns. It provides high-fidelity, evidence-based reports including line-specific findings, severity ratings, and actionable remediation strategies without ever modifying your source code, making it an essential tool for maintaining a robust security posture during the development lifecycle.

主要功能

01Multi-agent parallel vulnerability analysis

02Evidence-based reporting with exact file paths and line numbers

03Technology stack discovery and language-specific security patterns

04OWASP Top 10 2025 compliance scanning

05Targeted reviews for PRs and specific git commits

062 GitHub stars

使用场景

01Auditing a new Pull Request for security vulnerabilities before merging

02Ensuring OWASP compliance across specific backend or API scopes

03Generating a comprehensive security posture report for an existing legacy codebase

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mgiovani/cc-arsenal review-security

For use in Claude.ai and ChatGPT

Download Skill