OWASP Security for Claude Code

OWASP Security for Claude Code is a comprehensive agent skill that brings current OWASP security best practices directly into Claude Code development workflows. Created by Agam More, this skill covers three major security frameworks: the OWASP Top 10:2025 vulnerability categories, OWASP ASVS 5.0 verification requirements, and the OWASP Agentic AI Security framework (ASI01 through ASI10) addressing risks specific to AI-powered systems in 2026. Once installed, the skill activates automatically whenever Claude Code encounters security-relevant tasks such as reviewing code for vulnerabilities, implementing authentication mechanisms, processing user input, managing cryptographic operations, designing API endpoints, or building AI agent systems. It provides side-by-side comparisons of unsafe and safe code patterns, making it immediately actionable rather than purely theoretical. The skill includes language-specific security guidance for over 20 programming languages spanning web development (JavaScript, TypeScript, PHP), systems programming (C, C++, Rust, Go), mobile development (Swift, Kotlin, Dart), scripting (Python, Ruby, Perl, Shell), and enterprise platforms (Java, C#). Each language section highlights security quirks and pitfalls unique to that ecosystem, such as prototype pollution in JavaScript, memory safety issues in C/C++, or deserialization attacks in Java. A structured code review checklist covers five critical domains: input validation, authentication, access controls, data protection, and error handling. The ASVS 5.0 integration organizes verification requirements by assurance level, allowing teams to select the appropriate depth of security testing for their application's risk profile. The Agentic AI security component addresses emerging threats like prompt injection, tool poisoning, and unauthorized agent actions that are increasingly relevant as AI systems gain more autonomy in development pipelines.