
cyber-owasp-review skill

/skills/0x-professor/cyber-owasp-review

This skill maps security findings to OWASP Top 10 categories and generates remediation checklists for prioritized, category-specific action.

npx playbooks add skill openclaw/skills --skill cyber-owasp-review


SKILL.md
---
name: cyber-owasp-review
description: Map application security findings to OWASP Top 10 categories and generate remediation checklists. Use for normalized AppSec review outputs and category-level prioritization.
---

# Cyber OWASP Review

## Overview

Normalize application security findings into OWASP categories and produce remediation actions.

## Workflow

1. Ingest raw findings from scanners, tests, or reviews.
2. Map findings to OWASP categories using keyword and context matching.
3. Aggregate findings by category and severity.
4. Produce category-specific remediation checklist output.

## Use Bundled Resources

- Run `scripts/map_findings_to_owasp.py` for deterministic mapping.
- Read `references/owasp-mapping-guide.md` for category heuristics.

## Guardrails

- Keep guidance remediation-focused.
- Do not provide exploit payloads or offensive attack playbooks.

Overview

This skill normalizes application security findings into OWASP Top 10 categories and generates actionable remediation checklists. I designed it to produce consistent, category-level outputs that support prioritization and stakeholder communication. The focus is on remediation guidance, not offensive techniques.

How this skill works

The skill ingests raw findings from scanners, penetration tests, and manual reviews, then maps each finding to an OWASP Top 10 category using keyword and contextual heuristics. Findings are aggregated by category and severity to create prioritized remediation checklists. A deterministic mapping script and a mapping guide are included to reproducibly align new findings with OWASP categories.
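An added illustration of this workflow, not the skill's own scripts/map_findings_to_owasp.py (whose contents are not shown here): a small keyword mapper that classifies constructed findings, aggregates them by category and severity, and emits an ordered remediation checklist. The keyword rules, remediation actions and sample findings are assumptions; findings that match no rule land in an "Unmapped" bucket so they are flagged before triage rather than silently dropped.

```python
import re
from collections import defaultdict

# Constructed keyword heuristics per OWASP Top 10 (2021) category; an assumption, not the skill's mapping guide.
OWASP_RULES = {
    "A01:2021 Broken Access Control": [r"\bidor\b", r"access control", r"authoriz", r"privilege"],
    "A02:2021 Cryptographic Failures": [r"\bmd5\b", r"\bsha1\b", r"weak cipher", r"plaintext", r"\btls\b"],
    "A03:2021 Injection": [r"sql injection", r"\bsqli\b", r"\bxss\b", r"cross-site scripting", r"command injection"],
    "A05:2021 Security Misconfiguration": [r"default credential", r"debug mode", r"directory listing"],
}
# Constructed remediation actions per category (also an assumption).
ACTIONS = {
    "A01:2021 Broken Access Control": "Enforce server-side authorization on every object reference; deny by default.",
    "A02:2021 Cryptographic Failures": "Replace weak hashes/ciphers; use a modern password KDF and TLS everywhere.",
    "A03:2021 Injection": "Use parameterized queries and context-aware output encoding; validate input.",
    "A05:2021 Security Misconfiguration": "Harden defaults, disable debug features, remove unused services.",
}
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def map_finding(finding):
    """Score each category by keyword hits on title+detail; ties keep dict order. No hit -> 'Unmapped'."""
    text = f"{finding.get('title', '')} {finding.get('detail', '')}".lower()
    scores = {cat: sum(1 for p in pats if re.search(p, text)) for cat, pats in OWASP_RULES.items()}
    best = max(scores, key=scores.get)
    return best if scores[best] > 0 else "Unmapped"

def aggregate(findings):
    """Group findings by mapped category and count them per normalized (lower-cased) severity."""
    agg = defaultdict(lambda: defaultdict(int))
    for f in findings:
        agg[map_finding(f)][f.get("severity", "low").lower()] += 1
    return {cat: dict(sev) for cat, sev in agg.items()}

def checklist(findings):
    """Order categories by worst severity, then by finding count; unmapped items are flagged for manual triage."""
    agg = aggregate(findings)
    def rank(item):
        sev_counts = item[1]
        return (min(SEVERITY_RANK.get(s, 9) for s in sev_counts), -sum(sev_counts.values()))
    return [(cat, ACTIONS.get(cat, "Unmapped: review manually and extend the keyword rules."))
            for cat, _ in sorted(agg.items(), key=rank)]

# Constructed sample findings standing in for scanner output.
SAMPLE_FINDINGS = [
    {"title": "SQL injection in /login", "severity": "High"},
    {"title": "Reflected XSS in search parameter", "severity": "Medium"},
    {"title": "IDOR on /api/orders/{id}", "severity": "High"},
    {"title": "Password hashes stored with MD5", "severity": "Critical"},
    {"title": "Verbose stack trace page", "severity": "Low"},
]
```

Calling `checklist(SAMPLE_FINDINGS)` lists Cryptographic Failures first (the only critical item), then Injection ahead of Broken Access Control (both high, but two findings versus one), with the unmatched stack-trace finding last as an explicit triage item.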

When to use it

  • Consolidating outputs from multiple security scanners into a single, normalized view
  • Creating prioritized remediation plans for development or security teams
  • Preparing executive or program-level summaries grouped by OWASP categories
  • Standardizing reporting formats across projects or tools
  • Validating that findings are consistently classified before triage

Best practices

  • Supply raw findings with context (request/response, code snippets, stack traces) to improve mapping accuracy
  • Review and tune keyword heuristics for your application stack and common false positives
  • Aggregate findings by severity and affected component to support focused remediation sprints
  • Use the generated checklists as a developer-facing starting point, then refine with code-level remediation steps
  • Keep the mapping guide updated as new patterns and CWE mappings appear

Example use cases

  • Run the mapping script after a multi-tool scan to produce one OWASP-classified report for the security committee
  • Automate nightly ingestion of CI scanner output and append findings to category-level backlog items
  • Create a remediation kickoff for a sprint by exporting checklists for the top three OWASP categories found
  • Train triage teams to use normalized categories so severity and workload estimates are comparable across projects

FAQ

Does the skill provide exploit details or offensive payloads?

No. Guidance is remediation-focused and explicitly avoids exploit payloads or step-by-step attack playbooks.

Can I customize the mapping rules?

Yes. The mapping uses keyword and context heuristics; you can adjust rules and the mapping guide to match your environment.