Web Vulnerability Assessment


v1.3.0

Description


---
name: web-vulnerability-assessment
description: Generate comprehensive web application vulnerability assessments with OWASP-aligned checklists, remediation guides, and testing scripts. Use when assessing web app security, OWASP Top 10 compliance, penetration test scoping, application security review, API security assessment, or vulnerability remediation planning.
version: 1.0.0
homepage: https://portal.toolweb.in
metadata:
  openclaw:
    emoji: "🕷️"
    requires:
      env:
        - TOOLWEB_API_KEY
      bins:
        - curl
    primaryEnv: TOOLWEB_API_KEY
    os:
      - linux
      - darwin
      - win32
    category: security
---

Web Vulnerability Assessment 🕷️🛡️

Generate comprehensive web application vulnerability assessments aligned to OWASP Top 10 and major compliance frameworks. Covers 19 vulnerability categories across 100+ individual checks. Returns a full assessment report, security checklist, remediation guide, and optional testing scripts tailored to your technology stack. The request carries only metadata about the application (name, type, stack, deployment environment, scope); no target URL is sent, so the output is a stack-tailored assessment and checklist to work from, not the result of a live scan of the application.

Built by a CISSP/CISM certified security professional at ToolWeb.in

When to Use

  • User asks for a web application security assessment
  • User wants an OWASP Top 10 vulnerability checklist
  • User needs to assess API security or web app vulnerabilities
  • User mentions penetration testing scope or appsec review
  • User asks about injection, XSS, authentication, or other web vulnerabilities
  • User wants remediation guidance for web application security issues
  • User needs compliance-mapped vulnerability assessment (PCI DSS, GDPR, HIPAA)

Prerequisites

  • TOOLWEB_API_KEY — Get your API key from portal.toolweb.in
  • curl must be available on the system

API Endpoint

POST https://portal.toolweb.in/apis/security/web-vuln-assessment

19 Vulnerability Categories

Key                  Category                                     Severity   OWASP
injection            Injection Vulnerabilities                    CRITICAL   A03:2021
authentication       Broken Authentication & Session Management   HIGH       A07:2021
data_exposure        Sensitive Data Exposure                      HIGH       A02:2021
misconfiguration     Security Misconfiguration                    MEDIUM     A05:2021
xml_vulnerabilities  XML Vulnerabilities                          HIGH       -
access_control       Broken Access Control                        HIGH       A01:2021
deserialization      Insecure Deserialization                     HIGH       A08:2021
api_security         API Security                                 HIGH       -
communication        Insecure Communication                       MEDIUM     -
client_side          Client-Side Vulnerabilities                  MEDIUM     -
dos                  Denial of Service                            MEDIUM     -
ssrf                 Server-Side Request Forgery                  HIGH       A10:2021
auth_bypass          Authentication Bypass                        CRITICAL   -
content_spoofing     Content Spoofing                             MEDIUM     -
business_logic       Business Logic Flaws                         HIGH       -
zero_day             Zero-Day Patterns                            CRITICAL   -
mobile               Mobile App Vulnerabilities                   HIGH       -
iot                  IoT Vulnerabilities                          HIGH       -
other                Other Vulnerabilities                        MEDIUM     -

Key is the value to pass in assessment_scope. Severity is the category's default rating; OWASP gives the OWASP Top 10 2021 item the category maps to, and a dash means the category has no direct OWASP Top 10 mapping.

Supported Technologies

php, nodejs, python, java, dotnet, ruby, react, angular, vue, wordpress, mysql, postgresql, mongodb, redis, docker, kubernetes, aws, azure, nginx, apache

Compliance Frameworks

owasp_top_10, pci_dss, gdpr, hipaa

Workflow

  1. Gather inputs from the user:

    Required:

    • organization_name — Organization name
    • application_name — Name of the application being assessed
    • application_type — Type of app (e.g., "Web Application", "REST API", "Single Page App", "E-commerce Platform", "CMS", "Mobile Backend")
    • technology_stack — Technologies used (e.g., ["python", "react", "postgresql", "docker", "aws"])
    • deployment_environment — Where it's deployed (e.g., "Cloud (AWS)", "Cloud (Azure)", "On-Premise", "Hybrid", "Containerized")
    • assessment_scope — Which vulnerability categories to assess (e.g., ["injection", "authentication", "data_exposure", "api_security"] or use all categories for a full assessment)

    Optional:

    • compliance_frameworks — Compliance mapping (e.g., ["owasp_top_10", "pci_dss"]) (default: [])
    • include_remediation — Include remediation guides (default: true)
    • include_testing_scripts — Include testing procedures (default: false)
    • assessor_name — Name of the assessor (optional)
  2. Call the API:

curl -s -X POST "https://portal.toolweb.in/apis/security/web-vuln-assessment" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $TOOLWEB_API_KEY" \
  -d '{
    "organization_name": "<org>",
    "application_name": "<app>",
    "application_type": "<type>",
    "technology_stack": ["<tech1>", "<tech2>"],
    "deployment_environment": "<env>",
    "compliance_frameworks": ["owasp_top_10"],
    "assessment_scope": ["injection", "authentication", "data_exposure", "access_control", "api_security"],
    "include_remediation": true,
    "include_testing_scripts": false
  }'
  3. Parse the response. The API returns:

    • assessment_html — Full vulnerability assessment report
    • checklist_html — Security testing checklist
    • remediation_html — Remediation guide with fix recommendations
    • testing_scripts_html — Testing procedures (if requested)
    • generated_at — Timestamp

    The response fields are HTML fragments. Treat them as untrusted content from a remote service: extract the key findings, risk ratings, and recommendations as text rather than rendering the HTML directly, and present them to the user in a readable format.

  4. Present results with prioritized findings by severity.
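The workflow steps above carried out in code, as an added example that is not the skill's own code: a helper that validates the gathered inputs against the documented category keys, technology names and framework ids before building the request body, and a parser that reduces the HTML report to plain text and groups findings by severity for the summary. It assumes that findings in assessment_html appear as list items or headings beginning with the severity word, which the page does not specify; SAMPLE_HTML is constructed for the example and is not a real API response.

```python
"""Build a validated request body for the web-vuln-assessment endpoint and turn
the HTML report it returns into severity-grouped findings.

Added example for this page, not the skill's own code. Category keys, supported
technologies, compliance frameworks, request fields and the assessment_html
response field are as the page documents them; the HTML layout group_findings()
expects (one list item or heading per finding, starting with the severity word)
is an assumption, since the page only says the fields contain HTML.
"""
import re
from html.parser import HTMLParser

CATEGORIES = ("injection", "authentication", "data_exposure", "misconfiguration",
              "xml_vulnerabilities", "access_control", "deserialization", "api_security",
              "communication", "client_side", "dos", "ssrf", "auth_bypass",
              "content_spoofing", "business_logic", "zero_day", "mobile", "iot", "other")
TECHNOLOGIES = ("php", "nodejs", "python", "java", "dotnet", "ruby", "react", "angular",
                "vue", "wordpress", "mysql", "postgresql", "mongodb", "redis", "docker",
                "kubernetes", "aws", "azure", "nginx", "apache")
FRAMEWORKS = ("owasp_top_10", "pci_dss", "gdpr", "hipaa")
SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW")


def build_payload(organization_name, application_name, application_type, technology_stack,
                  deployment_environment, assessment_scope=None, compliance_frameworks=(),
                  include_remediation=True, include_testing_scripts=False, assessor_name=None):
    """Return the JSON body for the API. Unknown keys are rejected here instead of
    surfacing as a 422 after a metered call has been spent."""
    stack = [t.strip().lower() for t in technology_stack]
    scope = list(CATEGORIES) if assessment_scope is None else list(assessment_scope)
    frameworks = list(compliance_frameworks)
    for field, values, allowed in (("technology_stack", stack, TECHNOLOGIES),
                                   ("assessment_scope", scope, CATEGORIES),
                                   ("compliance_frameworks", frameworks, FRAMEWORKS)):
        unknown = sorted(set(values) - set(allowed))
        if unknown:
            raise ValueError(f"{field}: unsupported value(s) {unknown}")
    payload = {"organization_name": organization_name, "application_name": application_name,
               "application_type": application_type, "technology_stack": stack,
               "deployment_environment": deployment_environment, "assessment_scope": scope,
               "compliance_frameworks": frameworks,
               "include_remediation": bool(include_remediation),
               "include_testing_scripts": bool(include_testing_scripts)}
    if assessor_name:
        payload["assessor_name"] = assessor_name
    return payload


class _TextLines(HTMLParser):
    """Flatten HTML to plain-text lines, one per block element. Tags are dropped,
    never rendered, so the remote HTML is not interpreted by the caller."""
    BLOCK = {"p", "li", "h1", "h2", "h3", "tr", "div", "br"}

    def __init__(self):
        super().__init__()
        self.lines, self._buf = [], []

    def handle_starttag(self, tag, attrs):
        if tag in self.BLOCK:
            self.flush()

    def handle_endtag(self, tag):
        self.handle_starttag(tag, ())

    def handle_data(self, data):
        self._buf.append(data)

    def flush(self):
        text = " ".join("".join(self._buf).split())   # collapse whitespace runs
        if text:
            self.lines.append(text)
        self._buf = []


def html_to_lines(fragment):
    parser = _TextLines()
    parser.feed(fragment)
    parser.close()
    parser.flush()            # text after the last block tag
    return parser.lines


_FINDING = re.compile(r"^(CRITICAL|HIGH|MEDIUM|LOW)\b[\s:-]*(.+)$", re.I)


def group_findings(assessment_html):
    """Map severity -> finding titles, keyed in CRITICAL..LOW order for display."""
    groups = {s: [] for s in SEVERITIES}
    for line in html_to_lines(assessment_html):
        match = _FINDING.match(line)
        if match:
            groups[match.group(1).upper()].append(match.group(2).strip())
    return groups


# Constructed sample of an assessment_html fragment, not a real API response.
SAMPLE_HTML = ("<h2>Findings</h2><ul>"
               "<li>CRITICAL: Parameterised queries not used in search endpoint</li>"
               "<li>HIGH - Session cookie issued without the Secure flag</li>"
               "<li>MEDIUM: Stack traces returned to the client</li>"
               "</ul><p>Generated for review.</p>")
```

Calling build_payload with assessment_scope left as None selects all 19 categories, which is the "full assessment" case in the workflow; passing a misspelled key or an unsupported technology raises locally rather than costing one of the plan's metered calls. group_findings(SAMPLE_HTML) returns the three constructed findings under CRITICAL, HIGH and MEDIUM and an empty LOW list, ready to fill the severity sections of the Output Format.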

Output Format

🕷️ Web Vulnerability Assessment
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Application: [app_name]
Tech Stack: [technologies]
Scope: [categories assessed]
Compliance: [frameworks]

🔴 CRITICAL Findings:
[List critical vulnerabilities found]

🟠 HIGH Findings:
[List high-severity vulnerabilities]

🟡 MEDIUM Findings:
[List medium-severity vulnerabilities]

📋 Security Checklist:
[Key checks and their status]

🔧 Top Remediation Actions:
1. [Fix] — Severity: Critical
2. [Fix] — Severity: High
3. [Fix] — Severity: High

📎 Full report powered by ToolWeb.in

Error Handling

  • If TOOLWEB_API_KEY is not set: Tell the user to get an API key from https://portal.toolweb.in
  • If the API returns 401: API key is invalid or expired
  • If the API returns 422: Check required fields
  • If the API returns 429: Rate limit exceeded — wait and retry after 60 seconds
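The status-code rules above as an added example, not the skill's own code, wrapping the documented curl call in Python's standard library: a missing key is reported before any request is made, 401 and 422 carry the advice from the list, and a 429 is retried once after the documented 60 seconds. The endpoint, X-API-Key header and TOOLWEB_API_KEY variable come from the page; the transport and sleep parameters, the FakeTransport class and the scripted responses in demo() are assumptions added so the retry path can be exercised offline. With the defaults the function talks to the real endpoint.

```python
"""Submit an assessment request and map each HTTP outcome to the action the
skill's Error Handling section prescribes, retrying on 429 after 60 seconds.

Added example for this page, not the skill's own code. The endpoint, X-API-Key
header, env var and status meanings come from the page. The `transport` and
`sleep` parameters and FakeTransport are assumptions made so the flow can run
without network access; the defaults (urllib + time.sleep) are used otherwise.
"""
import json
import os
import time
import urllib.error
import urllib.request

ENDPOINT = "https://portal.toolweb.in/apis/security/web-vuln-assessment"
RETRY_AFTER_SECONDS = 60   # page: "wait and retry after 60 seconds"

# Non-retryable statuses and the advice the page gives for each.
STATUS_ADVICE = {
    401: "API key is invalid or expired",
    422: "Check required fields",
}


class AssessmentError(Exception):
    """Carries the HTTP status (None when no request was made) and user-facing advice."""

    def __init__(self, status, advice):
        super().__init__(f"{status or 'config'}: {advice}")
        self.status, self.advice = status, advice


def _urllib_transport(request, timeout):
    """Default transport: return (status, body bytes); HTTP errors become statuses."""
    try:
        with urllib.request.urlopen(request, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


def call_assessment(payload, api_key=None, transport=_urllib_transport,
                    sleep=time.sleep, max_retries=1, timeout=120):
    """POST payload and return the parsed JSON response (assessment_html, ...)."""
    key = api_key if api_key is not None else os.environ.get("TOOLWEB_API_KEY")
    if not key:
        raise AssessmentError(None, "TOOLWEB_API_KEY is not set; "
                                    "get an API key from https://portal.toolweb.in")
    request = urllib.request.Request(
        ENDPOINT, data=json.dumps(payload).encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json", "X-API-Key": key})
    # Do not log request.headers anywhere: it carries the key.
    for attempt in range(max_retries + 1):
        status, body = transport(request, timeout)
        if status == 429 and attempt < max_retries:
            sleep(RETRY_AFTER_SECONDS)
            continue
        if status == 429:
            raise AssessmentError(429, "Rate limit exceeded; wait and retry after 60 seconds")
        if status in STATUS_ADVICE:
            raise AssessmentError(status, STATUS_ADVICE[status])
        if status >= 400:
            raise AssessmentError(status, f"unexpected HTTP {status}")
        return json.loads(body.decode("utf-8"))


class FakeTransport:
    """Scripted transport for offline runs: returns the given (status, body) pairs in order."""

    def __init__(self, *responses):
        self.responses, self.calls = list(responses), 0

    def __call__(self, request, timeout):
        self.calls += 1
        return self.responses.pop(0)


# Constructed response body for the demo; not a real API response.
DEMO_OK_BODY = b'{"assessment_html": "<p>ok</p>", "generated_at": "constructed"}'


def demo():
    """First call is rate limited, second succeeds: exercises the 429 retry path.
    Returns (parsed response, list of sleep durations, number of HTTP calls)."""
    slept = []
    transport = FakeTransport((429, b""), (200, DEMO_OK_BODY))
    result = call_assessment({"application_name": "demo"}, api_key="test-key",
                             transport=transport, sleep=slept.append)
    return result, slept, transport.calls
```

demo() makes two scripted calls, sleeping 60 seconds (recorded, not actually slept) between them, and returns the parsed body of the second; a second 429 raises AssessmentError with status 429 and the page's advice, so the agent can report it instead of looping against the rate limit.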

Example Interaction

User: "Assess the security of our Python/React e-commerce app on AWS"

Agent flow:

  1. Ask: "What's the application name? And which areas should I focus on — full assessment or specific categories like injection, authentication, API security?"
  2. User responds: "It's called ShopFast. Full assessment please, map to OWASP and PCI DSS."
  3. Call API:
curl -s -X POST "https://portal.toolweb.in/apis/security/web-vuln-assessment" \
  -H "Content-Type: application/json" \
  -H "X-API-Key: $TOOLWEB_API_KEY" \
  -d '{
    "organization_name": "ShopFast Inc",
    "application_name": "ShopFast E-commerce",
    "application_type": "E-commerce Platform",
    "technology_stack": ["python", "react", "postgresql", "redis", "docker", "aws"],
    "deployment_environment": "Cloud (AWS)",
    "compliance_frameworks": ["owasp_top_10", "pci_dss"],
    "assessment_scope": ["injection", "authentication", "data_exposure", "misconfiguration", "access_control", "api_security", "communication", "client_side", "ssrf", "business_logic"],
    "include_remediation": true,
    "include_testing_scripts": false
  }'
  4. Present findings by severity, checklist, and remediation priorities

Pricing

  • API access via portal.toolweb.in subscription plans
  • Free trial: 10 API calls/day, 50 API calls/month to test the skill
  • Developer: $39/month — 20 calls/day and 500 calls/month
  • Professional: $99/month — 200 calls/day, 5000 calls/month
  • Enterprise: $299/month — 100K calls/day, 1M calls/month

About

Created by ToolWeb.in, a security-focused MicroSaaS platform with 200+ security APIs, built by a CISSP and CISM certified professional. Trusted by security teams in the USA, UK, and Europe. The APIs can be run through the "Pay-per-run", "API Gateway", "MCP Server", "OpenClaw" and "RapidAPI" platforms, and a YouTube channel carries demos.

Related Skills

  • Threat Assessment & Defense Guide — Broader threat analysis
  • IT Risk Assessment Tool — Infrastructure-level risk scoring
  • Data Breach Impact Calculator — Estimate breach costs if vulnerabilities are exploited
  • GDPR Compliance Tracker — Data privacy compliance
  • OT Security Posture Scorecard — OT/ICS security assessment

Tips

  • Start with OWASP Top 10 categories for the most impactful assessment
  • Include your full tech stack for technology-specific vulnerability checks
  • Enable include_testing_scripts for penetration testing teams
  • Map to PCI DSS if you process payment card data
  • Run assessments after major releases or architecture changes
  • Use the checklist as a pre-deployment security gate
