owasp_audit
owasp_auditReview TypeScript/JavaScript code against OWASP Top 10 (2025) categories, providing evidence-based security issue detection with CWE references and honest strength ratings. Advisory tool requiring acknowledgment.
Instructions
Operator tool for OWASP Top 10 (2025) review: scan indexed TS/JS files for evidence-backed security issues mapped to OWASP categories (A01 broken access control, A02 misconfiguration, A04 crypto failures, A05 injection, A07 auth failures, A10 exceptional conditions) with CWE references and a direct_evidence/weak_signal honesty strength. Always returns a full 10-category coverage section, explicitly naming categories it does not statically check (A03 supply chain, A06 insecure design, A08 integrity, A09 logging). Advisory and heuristic — requires acknowledgeAdvisory:true; not a replacement for dedicated SAST/SCA. Read-only; does not persist findings.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| freshen | No | ||
| maxFiles | No | ||
| projectId | No | ||
| categories | No | ||
| projectRef | No | ||
| maxPerSection | No | ||
| includeFullResults | No | ||
| acknowledgeAdvisory | Yes |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| _hints | Yes | ||
| result | Yes | ||
| toolName | Yes | ||
| projectId | Yes |