
claude-code-owasp

by agamm · agamm/claude-code-owasp

OWASP best practices baked into Claude Code — Top 10:2025, ASVS 5.0, Agentic AI security, plus 20+ language-specific quirks.

Claude Code OWASP Skill teaches Claude to think like a security reviewer. It loads OWASP Top 10:2025 guidance, ASVS 5.0 verification standards, the new Agentic AI security guidance, and 20+ language-specific sections (JS/TS, Python, Rust, Go, Java, Ruby, etc.). Good for pre-commit review, PR review, and threat-modeling sessions.


Install

Choose your client

~/Library/Application Support/Claude/claude_desktop_config.json  · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "claude-code-owasp-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/agamm/claude-code-owasp",
        "~/.claude/skills/claude-code-owasp"
      ],
      "_inferred": true
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

~/.cursor/mcp.json · .cursor/mcp.json
{
  "mcpServers": {
    "claude-code-owasp-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/agamm/claude-code-owasp",
        "~/.claude/skills/claude-code-owasp"
      ],
      "_inferred": true
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. The project configuration overrides the global one.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "claude-code-owasp-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/agamm/claude-code-owasp",
        "~/.claude/skills/claude-code-owasp"
      ],
      "_inferred": true
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "claude-code-owasp-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/agamm/claude-code-owasp",
        "~/.claude/skills/claude-code-owasp"
      ],
      "_inferred": true
    }
  }
}

Same structure as Claude Desktop. Restart Windsurf to apply.

~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "claude-code-owasp-skill",
      "command": "git",
      "args": [
        "clone",
        "https://github.com/agamm/claude-code-owasp",
        "~/.claude/skills/claude-code-owasp"
      ]
    }
  ]
}

Continue uses an array of server objects instead of a map.

~/.config/zed/settings.json
{
  "context_servers": {
    "claude-code-owasp-skill": {
      "command": {
        "path": "git",
        "args": [
          "clone",
          "https://github.com/agamm/claude-code-owasp",
          "~/.claude/skills/claude-code-owasp"
        ]
      }
    }
  }
}

Add it under context_servers. Zed reloads on save.

claude mcp add claude-code-owasp-skill -- git clone https://github.com/agamm/claude-code-owasp ~/.claude/skills/claude-code-owasp

One-liner. Verify with claude mcp list. Remove with claude mcp remove.

Use cases

Practical usage: claude-code-owasp

How to security-review a PR with OWASP Top 10 in mind

👤 Developers doing self-review before requesting human review ⏱ ~20 min intermediate

When to use: Before you click 'Ready for review' on a PR that touches auth, data, or input handling.

Prerequisites
  • Skill installed — git clone https://github.com/agamm/claude-code-owasp ~/.claude/skills/claude-code-owasp
Steps
  1. Point at the diff
    Review the current PR against OWASP Top 10:2025. Focus on auth and input handling.
    → Findings mapped to Top 10 categories with line references
  2. Prioritize
    Group findings into 'must-fix before merge' vs 'follow-up issue'. Cite the specific ASVS requirement.
    → Ranked list with ASVS IDs
  3. Generate fixes
    For each must-fix, propose the minimal diff.
    → Patch diffs keyed to findings

Outcome: A PR that ships with known security issues resolved, with traceable requirements.

Pitfalls
  • Over-alerting on benign patterns — Ask Claude to show the exploit path concretely; if it can't, downgrade the severity

Run a lightweight threat model on a new feature

👤 Engineers designing a feature involving user data ⏱ ~40 min advanced

When to use: Design stage, before writing the code, when the blast radius is still negotiable.

Steps
  1. Describe the feature
    Feature: share-by-link for customer reports. Users generate tokenized URLs valid 7 days. Threat-model with OWASP agentic AI guidance included.
    → STRIDE-style list of threats
  2. Pick controls
    For each threat, what's the cheapest control that mitigates 80%?
    → Per-threat control + rejection rationale for expensive ones

Outcome: A threat model document you can attach to the design doc.

Pitfalls
  • Over-engineered control list — Explicitly limit to top-5 threats by likelihood × impact

Harden an AI agent integration against prompt injection

👤 Engineers shipping Claude/LLM-powered features ⏱ ~30 min advanced

When to use: You're about to let an LLM touch user data or call tools.

Steps
  1. Describe the agent surface
    Our agent reads support emails and can call 3 tools: refund(), tag_account(), escalate(). Review for agentic AI risks.
    → Prompt-injection vectors, tool-misuse risks, data exfil paths
  2. Design guardrails
    Propose a minimal guardrail set: which tools need human confirm, which inputs need sanitization, what logging is required.
    → Concrete guardrail spec

Outcome: A hardened agent design with documented guardrails.

Pitfalls
  • Relying on prompt-based defenses alone — Combine with deterministic controls — human-in-loop for destructive tools, allowlists for URLs

Audit for language-specific security quirks

👤 Reviewers checking a codebase in a language they don't know deeply ⏱ ~15 min intermediate

When to use: You're reviewing Python code as a TS native, or vice versa.

Steps
  1. Scope to language
    Review this Python module for Python-specific OWASP quirks (pickle, yaml.load, shell=True, etc.).
    → Language-specific findings beyond generic Top 10

Outcome: Catches that a language-agnostic review would miss.

Combinations

With other MCPs for 10x impact

claude-code-owasp-skill + claude-code-skill-factory-skill

Skill Factory wires OWASP checks as PreToolUse hooks for automatic gating

Use skill-factory /build hook to run OWASP review on every Write tool call in our repo.

claude-code-owasp-skill + seo-audit-skill

Overlap on security headers

Run seo-audit security category, then deeper OWASP review on the hits.

claude-code-owasp-skill + robotics-agent-skill

Secure ROS networking (rosbridge, Zenoh)

Robotics skill produced a rosbridge websocket — run OWASP review on it.

Tools

What this MCP provides

Tool                     | Inputs              | When to call          | Cost
Top 10:2025 review       | diff or files       | PR self-review        | Claude tokens
ASVS requirement check   | feature spec        | Compliance work       | Claude tokens
Agentic AI threat model  | agent design        | Shipping LLM features | Claude tokens
Language-specific audit  | language, files     | Cross-language review | Claude tokens
Threat model (STRIDE)    | feature description | Design phase          | Claude tokens

Costs & limits

What it costs to run

API quota: None
Tokens per call: 5-20k per review depending on code size
Cost in €: Free
Tip: Scope reviews to changed files, not the whole repo.

Security

Permissions, secrets, reach

Credential storage: No credentials
Data egress: Code is sent to Claude for inference

Troubleshooting

Common errors and fixes

Claude ignores OWASP context and gives generic advice

Explicitly name the guidance: 'Apply OWASP Top 10:2025 category A03:2025 Injection here.'

Too many false positives

Require an exploit walkthrough before accepting a finding

Alternatives

claude-code-owasp vs. others

Alternative    | When to use it instead                          | Trade-off
Semgrep / Snyk | You want deterministic static analysis in CI    | Different strengths; combine both

More

Resources

📖 Read the official README on GitHub

🐙 View open issues
