claude-oswe
White-box, OSWE-style security audit for Claude Code: traces source→sink, chains findings to unauthenticated RCE, verifies each chain, and writes an evidence-backed Markdown + HTML report. PHP · Node · Python · Java · .NET.
Summary
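- This skill performs a white-box security audit inspired by the OSWE methodology, tracing data from sources to sinks across PHP, Node, Python, Java, and .NET codebases.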
- It chains individual vulnerabilities into unauthenticated RCE paths, verifies each chain with evidence, and produces a detailed Markdown and HTML report.
- Ideal for developers conducting thorough security reviews or preparing for OSWE certification.
Install & Usage
mkdir -p .claude/skills
Add the configuration to .claude/skills/claude-oswe.md
/claude-oswe
Use Cases
Usage Examples
/claude-oswe audit ./my-php-app --language php --output report.html
Run a white-box security audit on the Node.js project in /workspace/node-app, tracing all user inputs to dangerous sinks.
/claude-oswe chain ./python-flask-app --verify --report markdown
Security Audits
Frequently Asked Questions
What is claude-oswe?
This skill performs a white-box security audit inspired by the OSWE methodology, tracing data from sources to sinks across PHP, Node, Python, Java, and .NET codebases. It chains individual vulnerabilities into unauthenticated RCE paths, verifies each chain with evidence, and produces a detailed Markdown and HTML report. Ideal for developers conducting thorough security reviews or preparing for OSWE certification.
How to install claude-oswe?
To install claude-oswe: create the skills directory (mkdir -p .claude/skills), then add the config to .claude/skills/claude-oswe.md. Finally, run /claude-oswe in Claude Code.
What is claude-oswe best for?
claude-oswe is an "other"-type skill categorized under General. It is designed for: security, python. Created by Laucked-Security.
What can I use claude-oswe for?
claude-oswe is useful for:
- Audit a PHP web application for SQL injection and file inclusion vulnerabilities that chain to RCE.
- Trace untrusted user input through a Node.js Express app to find command injection sinks.
- Analyze a Python Flask application for deserialization flaws leading to unauthenticated remote code execution.
- Review a Java Spring Boot service for path traversal and SSRF vulnerabilities that can be chained.
- Inspect a .NET MVC application for XSS and insecure deserialization chains resulting in full compromise.
- Generate a comprehensive security report with evidence for each vulnerability chain found.