
claude-code-owasp

by agamm · agamm/claude-code-owasp

OWASP best practices baked into Claude Code — Top 10:2025, ASVS 5.0, Agentic AI security, plus 20+ language-specific quirks.

Claude Code OWASP Skill teaches Claude to think like a security reviewer. It loads OWASP Top 10:2025 guidance, ASVS 5.0 verification standards, the new Agentic AI security guidance, and 20+ language-specific sections (JS/TS, Python, Rust, Go, Java, Ruby, etc.). Good for pre-commit review, PR review, and threat-modeling sessions.

Why use it

Key features

Install

Pick your client

Claude Desktop: ~/Library/Application Support/Claude/claude_desktop_config.json · Windows: %APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "claude-code-owasp-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/agamm/claude-code-owasp",
        "~/.claude/skills/claude-code-owasp"
      ],
      "_inferred": true
    }
  }
}

Open Claude Desktop → Settings → Developer → Edit Config. Restart after saving.

Cursor: ~/.cursor/mcp.json (global) · .cursor/mcp.json (project)
{
  "mcpServers": {
    "claude-code-owasp-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/agamm/claude-code-owasp",
        "~/.claude/skills/claude-code-owasp"
      ],
      "_inferred": true
    }
  }
}

Cursor uses the same mcpServers schema as Claude Desktop. Project config wins over global.

VS Code → Cline → MCP Servers → Edit
{
  "mcpServers": {
    "claude-code-owasp-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/agamm/claude-code-owasp",
        "~/.claude/skills/claude-code-owasp"
      ],
      "_inferred": true
    }
  }
}

Click the MCP Servers icon in the Cline sidebar, then "Edit Configuration".

Windsurf: ~/.codeium/windsurf/mcp_config.json
{
  "mcpServers": {
    "claude-code-owasp-skill": {
      "command": "git",
      "args": [
        "clone",
        "https://github.com/agamm/claude-code-owasp",
        "~/.claude/skills/claude-code-owasp"
      ],
      "_inferred": true
    }
  }
}

Same shape as Claude Desktop. Restart Windsurf to pick up changes.

Continue: ~/.continue/config.json
{
  "mcpServers": [
    {
      "name": "claude-code-owasp-skill",
      "command": "git",
      "args": [
        "clone",
        "https://github.com/agamm/claude-code-owasp",
        "~/.claude/skills/claude-code-owasp"
      ]
    }
  ]
}

Continue uses an array of server objects rather than a map.

Zed: ~/.config/zed/settings.json
{
  "context_servers": {
    "claude-code-owasp-skill": {
      "command": {
        "path": "git",
        "args": [
          "clone",
          "https://github.com/agamm/claude-code-owasp",
          "~/.claude/skills/claude-code-owasp"
        ]
      }
    }
  }
}

Add to context_servers. Zed hot-reloads on save.

Claude Code CLI
claude mcp add claude-code-owasp-skill -- git clone https://github.com/agamm/claude-code-owasp ~/.claude/skills/claude-code-owasp

One-liner. Verify with claude mcp list. Remove with claude mcp remove.

Use Cases

Real-world ways to use claude-code-owasp

How to security-review a PR with OWASP Top 10 in mind

Audience: Developers doing self-review before requesting human review · Time: ~20 min · Level: intermediate

When to use: Before you click 'Ready for review' on a PR that touches auth, data, or input handling.

Prerequisites
  • Skill installed — git clone https://github.com/agamm/claude-code-owasp ~/.claude/skills/claude-code-owasp
Flow
  1. Point at the diff
    Prompt: Review the current PR against OWASP Top 10:2025. Focus on auth and input handling.
    → Findings mapped to Top 10 categories with line references
  2. Prioritize
    Prompt: Group findings into 'must-fix before merge' vs 'follow-up issue'. Cite the specific ASVS requirement.
    → Ranked list with ASVS IDs
  3. Generate fixes
    Prompt: For each must-fix, propose the minimal diff.
    → Patch diffs keyed to findings

Outcome: A PR that ships with known security issues resolved, with traceable requirements.

Pitfalls
  • Over-alerting on benign patterns — Ask Claude to show the exploit path concretely; if it can't, downgrade the severity

Run a lightweight threat model on a new feature

Audience: Engineers designing a feature involving user data · Time: ~40 min · Level: advanced

When to use: Design stage, before writing the code, when the blast radius is still negotiable.

Flow
  1. Describe the feature
    Prompt: Feature: share-by-link for customer reports. Users generate tokenized URLs valid 7 days. Threat-model with OWASP agentic AI guidance included.
    → STRIDE-style list of threats
  2. Pick controls
    Prompt: For each threat, what's the cheapest control that mitigates 80%?
    → Per-threat control + rejection rationale for expensive ones

Outcome: A threat model document you can attach to the design doc.

Pitfalls
  • Over-engineered control list — Explicitly limit to top-5 threats by likelihood × impact

Harden an AI agent integration against prompt injection

Audience: Engineers shipping Claude/LLM-powered features · Time: ~30 min · Level: advanced

When to use: You're about to let an LLM touch user data or call tools.

Flow
  1. Describe the agent surface
    Prompt: Our agent reads support emails and can call 3 tools: refund(), tag_account(), escalate(). Review for agentic AI risks.
    → Prompt-injection vectors, tool-misuse risks, data exfil paths
  2. Design guardrails
    Prompt: Propose a minimal guardrail set: which tools need human confirm, which inputs need sanitization, what logging is required.
    → Concrete guardrail spec

Outcome: A hardened agent design with documented guardrails.

Pitfalls
  • Relying on prompt-based defenses alone — Combine with deterministic controls: human-in-the-loop confirmation for destructive tools, allowlists for URLs

Audit for language-specific security quirks

Audience: Reviewers checking a codebase in a language they don't know deeply · Time: ~15 min · Level: intermediate

When to use: You're reviewing Python code as a TS native, or vice versa.

Flow
  1. Scope to language
    Prompt: Review this Python module for Python-specific OWASP quirks (pickle, yaml.load, shell=True, etc.).
    → Language-specific findings beyond generic Top 10

Outcome: Catches that a language-agnostic review would miss.

Combinations

Pair with other MCPs for 10x leverage

claude-code-owasp-skill + claude-code-skill-factory-skill

Skill Factory wires OWASP checks as PreToolUse hooks for automatic gating

Prompt: Use skill-factory /build hook to run OWASP review on every Write tool call in our repo.

claude-code-owasp-skill + seo-audit-skill

Overlap on security headers

Prompt: Run seo-audit security category, then deeper OWASP review on the hits.

claude-code-owasp-skill + robotics-agent-skill

Secure ROS networking (rosbridge, Zenoh)

Prompt: Robotics skill produced a rosbridge websocket — run OWASP review on it.

Tools

What this MCP exposes

Tool | Inputs | When to call | Cost
Top 10:2025 review | diff or files | PR self-review | Claude tokens
ASVS requirement check | feature spec | Compliance work | Claude tokens
Agentic AI threat model | agent design | Shipping LLM features | Claude tokens
Language-specific audit | language, files | Cross-language review | Claude tokens
Threat model (STRIDE) | feature description | Design phase | Claude tokens

Cost & Limits

What this costs to run

API quota: None
Tokens per call: 5-20k per review depending on code size
Monetary: Free
Tip: Scope reviews to changed files, not the whole repo.

Security

Permissions, secrets, blast radius

Credential storage: No credentials
Data egress: Code is sent to Claude for inference

Troubleshooting

Common errors and fixes

Problem: Claude ignores OWASP context and gives generic advice
Fix: Explicitly name the guidance: 'Apply OWASP Top 10:2025 category A03:2025 Injection here.'

Problem: Too many false positives
Fix: Require an exploit walkthrough before accepting a finding.

Alternatives

claude-code-owasp vs others

Alternative | When to use it instead | Tradeoff
Semgrep / Snyk | You want deterministic static analysis in CI | Different strengths; combine both

More

Resources

📖 Read the official README on GitHub

🐙 Browse open issues