
checking-owasp-compliance

This skill uses the owasp-compliance-checker plugin to automatically identify potential security vulnerabilities based on the OWASP Top 10 (2021) list. It helps ensure your application adheres to industry-standard security practices by providing a detailed analysis of compliance gaps and offering remediation guidance. Use this skill when you need to audit your code for OWASP compliance, identify and fix vulnerabilities, or generate a compliance report. Trigger this skill by asking to "check OWASP compliance", "scan for OWASP vulnerabilities", or using the `/owasp` shortcut.

Install with Tessl CLI

npx tessl i github:jeremylongshore/claude-code-plugins-plus-skills --skill checking-owasp-compliance

90 · 1.07x
Quality: 60% (Does it follow best practices?)
Impact: 97% · 1.07x (Average score across 9 eval scenarios)

Optimize this skill with Tessl

npx tessl skill review --optimize ./backups/skill-structure-cleanup-20251108-073936/plugins/security/owasp-compliance-checker/skills/owasp-compliance-checker/SKILL.md

Evaluation results

OWASP Security Compliance Assessment (100%)
OWASP compliance report generation

Criteria | Without context | With context
OWASP Top 10 structure | 100% | 100%
All categories addressed | 100% | 100%
Compliance gaps identified | 100% | 100%
SQL injection finding | 100% | 100%
Cryptographic failure finding | 100% | 100%
Access control finding | 100% | 100%
Injection / deserialization finding | 100% | 100%
Remediation per issue | 100% | 100%
Severity ranking present | 100% | 100%
Priority ordering | 100% | 100%
summary.json structure | 100% | 100%

Without context: $0.4329 · 2m 34s · 9 turns · 10 in / 9,734 out tokens
With context: $0.7344 · 3m 34s · 23 turns · 75 in / 13,095 out tokens

Security Remediation for Node.js User Portal (100%)
OWASP scan with automated code fixes

Criteria | Without context | With context
Remediation plan produced | 100% | 100%
Severity labels on issues | 100% | 100%
Priority ordering in plan | 100% | 100%
Specific remediation guidance | 100% | 100%
SQL injection fixed | 100% | 100%
Access control fixed | 100% | 100%
Weak cryptography fixed | 100% | 100%
Path traversal fixed | 100% | 100%
Error info leakage fixed | 100% | 100%
Compliance gaps documented | 100% | 100%

Without context: $0.3542 · 1m 35s · 12 turns · 61 in / 6,509 out tokens
With context: $0.6840 · 2m 38s · 29 turns · 340 in / 9,320 out tokens

Ongoing OWASP Compliance Monitoring Setup (100%)
OWASP continuous workflow integration

Criteria | Without context | With context
CI workflow file exists | 100% | 100%
PR trigger configured | 100% | 100%
Scheduled scan configured | 100% | 100%
Report artifact uploaded | 100% | 100%
OWASP Top 10 (2021) report template | 100% | 100%
Compliance gap fields in template | 100% | 100%
Remediation guidance fields | 100% | 100%
Severity in template | 100% | 100%
Priority-based response documented | 100% | 100%
Continuous monitoring described | 100% | 100%
Developer response process | 100% | 100%

Without context: $0.5435 · 2m 47s · 15 turns · 16 in / 10,769 out tokens
With context: $0.6656 · 2m 36s · 28 turns · 28 in / 9,520 out tokens

Authentication Security Review for PHP Member Portal (95% · 25%)
Targeted OWASP category scan

Criteria | Without context | With context
OWASP 2021 category labels | 0% | 100%
SQL injection identified | 100% | 100%
Weak cryptography identified | 100% | 100%
Session fixation identified | 100% | 100%
Predictable reset token identified | 100% | 100%
Compliance gap framing | 10% | 100%
Specific remediation guidance | 100% | 100%
Severity levels assigned | 100% | 100%
Severity-ordered findings | 62% | 62%
findings_summary.json structure | 40% | 80%
Session info leakage identified | 100% | 100%

Without context: $0.4042 · 2m 7s · 11 turns · 12 in / 7,961 out tokens
With context: $0.8886 · 3m 55s · 30 turns · 341 in / 14,700 out tokens

Security Compliance Report for Insurance Platform Vendor Assessment (96% · -3%)
Formal compliance audit report

Criteria | Without context | With context
OWASP Top 10 (2021) structure | 100% | 100%
All 10 categories addressed | 100% | 100%
Compliance gap framing | 100% | 100%
XXE vulnerability identified | 100% | 100%
Weak cryptography identified | 100% | 100%
Path traversal identified | 100% | 100%
Stack trace exposure identified | 100% | 100%
Exposed actuator endpoints identified | 100% | 100%
Specific remediation guidance | 100% | 100%
Severity ratings on findings | 87% | 100%
Executive summary exists | 100% | 100%
Priority ordering | 100% | 50%

Without context: $0.4470 · 2m 52s · 9 turns · 10 in / 9,968 out tokens
With context: $0.5533 · 3m · 17 turns · 18 in / 9,833 out tokens

Automated Security Scan and Fix Pipeline for E-Learning Platform (97% · 4%)
OWASP scan with auto-remediation workflow

Criteria | Without context | With context
OWASP 2021 category labels | 100% | 100%
Compliance gap framing | 87% | 100%
Severity ordering | 25% | 62%
SQL injection identified | 100% | 100%
OS command injection identified | 100% | 100%
Unsafe YAML loading identified | 100% | 100%
Security misconfiguration identified | 100% | 100%
Specific remediation guidance | 100% | 100%
Remediation script fixes SQL injection | 100% | 100%
Remediation script fixes unsafe YAML | 100% | 100%
Remediation script fixes settings | 100% | 100%
Fixed files produced | 100% | 100%
Script comments explain fixes | 100% | 100%

Without context: $0.4604 · 2m 10s · 13 turns · 14 in / 8,676 out tokens
With context: $1.0225 · 3m 48s · 38 turns · 37 in / 14,145 out tokens

Security Review: Healthcare Portal Rails Application (98% · 3%)
Ruby on Rails OWASP review

Criteria | Without context | With context
OWASP 2021 categories used | 100% | 100%
Compliance gap framing | 100% | 100%
Mass assignment identified | 100% | 100%
SQL injection identified | 100% | 100%
Hardcoded secret identified | 100% | 100%
Auth bypass identified | 100% | 100%
Verbose error disclosure identified | 100% | 100%
Specific remediation guidance | 100% | 100%
Severity levels assigned | 100% | 100%
Severity ordering | 100% | 100%
findings_summary.json structure | 75% | 75%
All 10 categories addressed | 50% | 100%

Without context: $0.4024 · 2m 8s · 11 turns · 11 in / 8,389 out tokens
With context: $0.5648 · 2m 50s · 17 turns · 66 in / 10,821 out tokens

Security Review: SaaS Platform GraphQL API (98% · 12%)
GraphQL API security assessment

Criteria | Without context | With context
OWASP 2021 category labels | 40% | 100%
Compliance gap framing | 70% | 100%
Introspection exposure identified | 100% | 100%
Broken auth on mutations identified | 100% | 100%
NoSQL injection identified | 100% | 100%
Weak JWT configuration identified | 87% | 100%
Error detail exposure identified | 85% | 100%
Query depth/complexity identified | 100% | 100%
Specific remediation guidance | 100% | 100%
Severity levels assigned | 100% | 100%
Severity ordering | 100% | 100%
findings_summary.json structure | 62% | 75%

Without context: $0.3955 · 2m 14s · 9 turns · 10 in / 8,560 out tokens
With context: $0.5382 · 2m 50s · 17 turns · 59 in / 10,231 out tokens

Security Review: E-Commerce Platform Container Deployment (97% · 37%)
Container deployment security review

Criteria | Without context | With context
OWASP 2021 category labels | 0% | 100%
Compliance gap framing | 0% | 100%
Root container user identified | 62% | 100%
Hardcoded secrets in config identified | 66% | 100%
Unnecessary capabilities identified | 62% | 100%
Exposed sensitive ports identified | 62% | 100%
Outdated base image identified | 62% | 100%
Unencrypted inter-service communication identified | 71% | 100%
Specific remediation guidance | 100% | 100%
Severity levels assigned | 100% | 100%
Severity ordering | 100% | 75%
findings_summary.json structure | 50% | 83%

Without context: $0.4701 · 3m 11s · 7 turns · 8 in / 11,752 out tokens
With context: $0.6696 · 3m 31s · 18 turns · 281 in / 13,598 out tokens

Evaluated with agent Claude Code, model Claude Sonnet 4.6.
