Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cyber Owasp Review

v0.1.0

Map application security findings to OWASP Top 10 categories and generate remediation checklists. Use for normalized AppSec review outputs and category-level...

0 · 414 · 2 current · 2 all-time
by Muhammad Mazhar Saeed @0x-professor
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included resources: SKILL.md describes mapping findings and the repo includes a mapping script and an OWASP heuristics reference. The Python script implements keyword-based classification and checklist generation which is coherent for this purpose.
Instruction Scope
SKILL.md limits runtime actions to running the bundled script and reading the local reference doc. The instructions do not ask the agent to read unrelated files, access environment variables, or contact external endpoints.
Install Mechanism
No install spec is provided (instruction-only with bundled script). Nothing is downloaded or extracted from external URLs; risk from install mechanism is minimal.
Credentials
No required environment variables, credentials, or config paths are declared and the code does not attempt to access such values. The skill does not require secrets or cloud credentials to perform its stated task.
Persistence & Privilege
The skill does not request persistent/system-wide presence (always:false) and does not modify other skills or global agent settings. It runs as a local script with no autonomous privilege escalations.
Assessment
This skill appears coherent and low-risk: the included Python script reads a local JSON payload (limited to 1 MB), maps finding titles to OWASP categories using simple keyword matching, and writes a local output (json/md/csv). Before installing or running it: review the script (already present) to confirm it meets your needs; test with non-sensitive sample findings because scanner outputs can contain IPs, tokens, or PII; be aware the classifier is heuristic/keyword-based and may misclassify—consider enhancing heuristics if you need higher accuracy; run it in an isolated environment if you distrust the unknown publisher (no homepage/author info is provided).

latest: vk9703nj7tsknf5bhm9ganc3xb181wfwe

SKILL.md

Cyber OWASP Review

Overview

Normalize application security findings into OWASP categories and produce remediation actions.

Workflow

  1. Ingest raw findings from scanners, tests, or reviews.
  2. Map findings to OWASP categories using keyword and context matching.
  3. Aggregate findings by category and severity.
  4. Produce category-specific remediation checklist output.
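The four workflow steps above, carried through as an added example that is not the skill's bundled scripts/map_findings_to_owasp.py and not the author's code. The keyword rules, the remediation checklist text, the 1 MB payload cap and the sample findings are all constructed for illustration; one sample finding deliberately matches no rule so the manual-review fallback (the heuristic gap the scan assessment warns about) is visible in the output.

```python
import json
from collections import Counter, defaultdict

MAX_PAYLOAD_BYTES = 1_000_000  # constructed 1 MB input cap on the raw findings payload

# Constructed keyword heuristics per OWASP Top 10 (2021) category; first matching rule wins.
RULES = [
    ("A03:2021 Injection", ("sql injection", "sqli", "command injection", "xss", "cross-site scripting")),
    ("A01:2021 Broken Access Control", ("idor", "authorization bypass", "access control", "path traversal")),
    ("A02:2021 Cryptographic Failures", ("tls 1.0", "tls 1.1", "weak cipher", "plaintext", "md5", "hard-coded key")),
    ("A05:2021 Security Misconfiguration", ("debug mode", "default credential", "directory listing", "stack trace")),
    ("A06:2021 Vulnerable and Outdated Components", ("outdated", "end-of-life", "vulnerable dependency")),
    ("A07:2021 Identification and Authentication Failures", ("brute force", "weak password", "session fixation")),
    ("A09:2021 Security Logging and Monitoring Failures", ("no logging", "audit log", "not logged")),
    ("A10:2021 Server-Side Request Forgery", ("ssrf", "server-side request")),
]
UNMAPPED = "Unmapped (manual review)"

# Constructed remediation-only checklist items, one list per category.
CHECKLISTS = {
    "A03:2021 Injection": ["Use parameterised queries or an ORM; encode output for its context."],
    "A01:2021 Broken Access Control": ["Enforce server-side authorization on every object access; deny by default."],
    "A02:2021 Cryptographic Failures": ["Disable legacy TLS/ciphers; keep keys out of source code."],
    "A05:2021 Security Misconfiguration": ["Disable debug features in production; harden default settings."],
    "A06:2021 Vulnerable and Outdated Components": ["Upgrade to supported versions; track components in an SBOM."],
    "A07:2021 Identification and Authentication Failures": ["Add MFA and rate limiting to authentication endpoints."],
    "A09:2021 Security Logging and Monitoring Failures": ["Log auth and access-control failures; alert on anomalies."],
    "A10:2021 Server-Side Request Forgery": ["Allow-list outbound destinations; block internal address ranges."],
    UNMAPPED: ["Triage manually and extend the keyword rules so the next run classifies it."],
}
SEVERITY_ORDER = ["critical", "high", "medium", "low", "info", "unknown"]


def load_findings(raw: bytes) -> list:
    """Step 1: ingest a JSON array of findings, refusing oversized payloads up front."""
    if len(raw) > MAX_PAYLOAD_BYTES:
        raise ValueError(f"payload exceeds {MAX_PAYLOAD_BYTES} bytes")
    data = json.loads(raw)
    if not isinstance(data, list):
        raise ValueError("expected a JSON array of finding objects")
    return data


def classify(finding: dict) -> str:
    """Step 2: match the finding's title and description against the keyword rules."""
    text = f"{finding.get('title', '')} {finding.get('description', '')}".lower()
    for category, keywords in RULES:
        if any(keyword in text for keyword in keywords):
            return category
    return UNMAPPED  # no rule matched: surface it for a human rather than guessing


def aggregate(findings: list) -> dict:
    """Step 3: group findings by category and count them by normalised severity."""
    grouped = defaultdict(lambda: {"count": Counter(), "titles": []})
    for finding in findings:
        severity = str(finding.get("severity", "unknown")).lower()
        severity = severity if severity in SEVERITY_ORDER else "unknown"
        bucket = grouped[classify(finding)]
        bucket["count"][severity] += 1
        bucket["titles"].append(finding.get("title", "(untitled)"))
    return dict(grouped)


def build_checklist(grouped: dict) -> str:
    """Step 4: render a markdown checklist, categories with the worst severities first."""
    def rank(item):
        return tuple(-item[1]["count"][sev] for sev in SEVERITY_ORDER)

    lines = ["# OWASP remediation checklist"]
    for category, bucket in sorted(grouped.items(), key=rank):
        summary = ", ".join(f"{s}: {bucket['count'][s]}" for s in SEVERITY_ORDER if bucket["count"][s])
        lines.append(f"\n## {category} ({summary})")
        lines.extend(f"- finding: {title}" for title in bucket["titles"])
        lines.extend(f"- [ ] {step}" for step in CHECKLISTS.get(category, CHECKLISTS[UNMAPPED]))
    return "\n".join(lines)


# Constructed sample findings (not real scanner output), serialised as the script would read them.
SAMPLE_FINDINGS = json.dumps([
    {"title": "SQL injection in /api/search", "severity": "High"},
    {"title": "IDOR on /orders/{id}", "severity": "high"},
    {"title": "TLS 1.0 enabled on load balancer", "severity": "medium"},
    {"title": "Stack trace leaked in debug mode", "severity": "low"},
    {"title": "Login endpoint allows brute force", "severity": "medium"},
    {"title": "Clickjacking on /settings", "severity": "low"},  # no rule mentions it: lands in manual review
]).encode()

if __name__ == "__main__":
    print(build_checklist(aggregate(load_findings(SAMPLE_FINDINGS))))
```

Because the rules are checked in list order, a finding whose text mentions two categories is assigned to whichever rule appears first; ordering the list by how specific the keywords are keeps that deterministic, which is the property the bundled script is described as providing.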

Use Bundled Resources

  • Run scripts/map_findings_to_owasp.py for deterministic mapping.
  • Read references/owasp-mapping-guide.md for category heuristics.

Guardrails

  • Keep guidance remediation-focused.
  • Do not provide exploit payloads or offensive attack playbooks.

Files

4 total
