OpenClaw

Skill details (on-site mirror, no comments)

Map application security findings to OWASP Top 10 categories and generate remediation checklists. Use for normalized AppSec review outputs and category-level...

Media and Content

Author: Muhammad Mazhar Saeed @0x-professor

License: MIT-0

MIT-0 · Free to use, modify, and redistribute. No attribution required.

Version: v0.1.0

Stats: ⭐ 0 · 350 · 2 current installs · 2 all-time installs

🛡 VirusTotal: Suspicious · OpenClaw: Benign

Package: 0x-professor/cyber-owasp-review

Security scan (ClawHub)

  • VirusTotal: Suspicious
  • OpenClaw: Benign

OpenClaw assessment

The skill's files, instructions, and behavior align with its stated purpose (mapping findings to OWASP categories) and request no credentials or elevated privileges.

Purpose

Name/description match the included resources: SKILL.md describes mapping findings and the repo includes a mapping script and an OWASP heuristics reference. The Python script implements keyword-based classification and checklist generation, which is coherent for this purpose.

Instruction scope

SKILL.md limits runtime actions to running the bundled script and reading the local reference doc. The instructions do not ask the agent to read unrelated files, access environment variables, or contact external endpoints.

Install mechanism

No install spec is provided (instruction-only with bundled script). Nothing is downloaded or extracted from external URLs; risk from install mechanism is minimal.

Credentials

No required environment variables, credentials, or config paths are declared and the code does not attempt to access such values. The skill does not require secrets or cloud credentials to perform its stated task.

Persistence

The skill does not request persistent/system-wide presence (always:false) and does not modify other skills or global agent settings. It runs as a local script with no autonomous privilege escalations.

Overall conclusion

This skill appears coherent and low-risk: the included Python script reads a local JSON payload (limited to 1 MB), maps finding titles to OWASP categories using simple keyword matching, and writes a local output (json/md/csv). Before installing or running it: review the script (already present) to confirm it meets your needs; test with non-sensitive sample findings because scanner outputs can contain IPs, tokens, or PII; be aware the classifie…

SKILL.md

---
name: cyber-owasp-review
description: Map application security findings to OWASP Top 10 categories and generate remediation checklists. Use for normalized AppSec review outputs and category-level prioritization.
---

# Cyber OWASP Review

## Overview

Normalize application security findings into OWASP categories and produce remediation actions.

## Workflow

1. Ingest raw findings from scanners, tests, or reviews.
2. Map findings to OWASP categories using keyword and context matching.
3. Aggregate findings by category and severity.
4. Produce category-specific remediation checklist output.

## Use Bundled Resources

- Run `scripts/map_findings_to_owasp.py` for deterministic mapping.
- Read `references/owasp-mapping-guide.md` for category heuristics.

## Guardrails

- Keep guidance remediation-focused.
- Do not provide exploit payloads or offensive attack playbooks.