owasp-security
Enhances code security by applying OWASP standards for vulnerability prevention and secure coding practices.
Security score
The owasp-security skill was audited on Feb 15, 2026 and we found 14 security issues across 2 threat categories, including 5 critical. Review the findings below before installing.
Security Issues
| Finding | Line | Flagged snippet |
|---|---|---|
| Direct command execution function call | 228 | **Watch for:** `pickle`, `eval()`, `exec()`, `os.system()`, `subprocess` with `shell=True` |
| Direct command execution function call | 243 | **Watch for:** `ObjectInputStream`, `Runtime.exec()`, XML parsers without XXE protection, JNDI lookups |
| Eval function call - arbitrary code execution | 208 | `eval(userCode)` |
| Eval function call - arbitrary code execution | 211 | **Watch for:** `eval()`, `innerHTML`, `document.write()`, prototype chain manipulation, `__proto__` |
| Eval function call - arbitrary code execution | 228 | **Watch for:** `pickle`, `eval()`, `exec()`, `os.system()`, `subprocess` with `shell=True` |
| Eval function call - arbitrary code execution | 394 | `eval(parse(text = user_input))` |
| Eval function call - arbitrary code execution | 402 | **Watch for:** `eval()`, `parse()`, `source()`, `system()`, file path manipulation |
| System command execution | 73 | `os.system(f"convert (unknown) output.png")` |
| System command execution | 228 | **Watch for:** `pickle`, `eval()`, `exec()`, `os.system()`, `subprocess` with `shell=True` |
| System command execution | 402 | **Watch for:** `eval()`, `parse()`, `source()`, `system()`, file path manipulation |
| Python os.system command execution | 73 | `os.system(f"convert (unknown) output.png")` |
| Python os.system command execution | 228 | **Watch for:** `pickle`, `eval()`, `exec()`, `os.system()`, `subprocess` with `shell=True` |
| Python subprocess execution | 76 | `subprocess.run(["convert", filename, "output.png"], shell=False)` |
| External URL reference | 384 | `factory.setFeature("http://xml.org/sax/features/external-general-entities", false)` |