by agamm
Claude Code skill for OWASP security best practices (2025-2026). Includes Top 10:2025, ASVS 5.0, Agentic AI security, and 20+ language-specific security quirks.
# Add to your Claude Code skills
git clone https://github.com/agamm/claude-code-owaspGuides for using ai agents skills like claude-code-owasp.
Last scanned: 5/30/2026
{
"issues": [],
"status": "PASSED",
"scannedAt": "2026-05-30T15:34:22.466Z",
"npmAuditRan": true,
"pipAuditRan": true
}claude-code-owasp is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by agamm. Claude Code skill for OWASP security best practices (2025-2026). Includes Top 10:2025, ASVS 5.0, Agentic AI security, and 20+ language-specific security quirks. It has 278 GitHub stars.
Yes. claude-code-owasp passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.
Clone the repository with "git clone https://github.com/agamm/claude-code-owasp" and add it to your Claude Code skills directory (see the Installation section above).
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh claude-code-owasp against similar tools.
No comments yet. Be the first to share your thoughts!
A Claude Code skill providing the latest OWASP security best practices (2025-2026) for developers building secure applications.
The skill is a directory (SKILL.md plus on-demand reference/ files), so install the whole
folder. The easiest way is degit, which copies a
GitHub subdirectory without the .git history:
npx degit agamm/claude-code-owasp/.claude/skills/owasp-security .claude/skills/owasp-security
Or install globally for all projects:
npx degit agamm/claude-code-owasp/.claude/skills/owasp-security ~/.claude/skills/owasp-security
Location: .claude/skills/owasp-security/
SKILL.md (the always-loaded core):
reference/ (loaded on demand, following Claude Code progressive-disclosure best practices):
languages.md - language-specific security quirks for 20+ languages with unsafe/safe examplesowasp-report.md - comprehensive deep-dive on every OWASP 2025-2026 standardOnce installed, Claude Code automatically activates this skill when you:
"Review this code for security issues"
"Is this authentication implementation secure?"
"What are the security risks in this Python code?"
"Help me implement secure session management"
"Check this AI agent for OWASP agentic risks"
| Standard | Version | Focus |
|---|---|---|
| OWASP Top 10 | 2025 | Web application vulnerabilities |
| OWASP ASVS | 5.0.0 | Security verification requirements |
| OWASP Top 10 for LLM Apps | 2025 | LLM/RAG/tool-calling app risks |
| OWASP Agentic | 2026 | AI agent security risks |
Security quirks for 20+ languages including:
| Web | Systems | Mobile | Scripting |
|---|---|---|---|
| JavaScript/TypeScript | C/C++ | Swift | Python |
| PHP | Rust | Kotlin | Ruby |
| Java | Go | Dart | Perl |
| C# | Shell |
Each language section includes common vulnerabilities, unsafe/safe code patterns, and key functions to watch for.
git clone https://github.com/agamm/claude-code-owasp.git
cp -r claude-code-owasp/.claude/skills/owasp-security YOUR_PROJECT/.claude/skills/
Contributions welcome! Please:
MIT License - See LICENSE file for details.
Keywords: OWASP, security, Claude Code, AI security, application security, ASVS, secure coding, vulnerability, injection, XSS, CSRF, authentication, authorization