API Documentation
OWASP AST10 API Documentation
The OWASP AST10 API provides programmatic access to security data, risk assessment tools, and integration capabilities for AI agent skill security.
⚠️ Status: Proposed specification — not yet deployed. This page describes a planned API design published for community feedback. The base URL, dashboard, SDK packages, and support addresses below are illustrative placeholders and are not live — requests to them will fail. For example,
https://owasp.org/ast10/dashboardreturns 404 and thehttps://api.owasp.org/ast10/v1host does not resolve. No version of this API is currently running. Track implementation status in the project issues.
Base URL
https://api.owasp.org/ast10/v1
Placeholder host — not yet deployed; this address does not resolve.
Authentication
Once the service is deployed, API requests will require authentication using API keys issued from an OWASP AST10 dashboard. That dashboard does not exist yet — the previously documented URL (https://owasp.org/ast10/dashboard) returns 404. The flow below is illustrative of the planned design.
curl -H "Authorization: Bearer YOUR_API_KEY" \
https://api.owasp.org/ast10/v1/risks
Endpoints
Risk Data
GET /risks
Retrieve all AST10 security risks.
Response:
{
"data": [
{
"id": "AST01",
"title": "Malicious Skills",
"severity": "Critical",
"description": "Attackers publish skills that appear legitimate but contain hidden malicious payloads...",
"platforms": ["All"],
"maestro_mapping": {
"layer_7": "Agent Ecosystem",
"layer_3": "Agent Frameworks"
},
"mitigations": [
"Require cryptographic signatures",
"Implement Merkle root signing",
"Isolate skill execution"
]
}
],
"meta": {
"total": 10,
"version": "1.0"
}
}
GET /risks/{id}
Get detailed information about a specific risk.
Parameters:
id: Risk ID (AST01-AST10)
Response:
{
"data": {
"id": "AST01",
"title": "Malicious Skills",
"severity": "Critical",
"description": "...",
"attack_scenarios": [
{
"name": "Typosquatting",
"description": "...",
"indicators": ["..."],
"mitigation": "..."
}
],
"code_examples": {
"signature_verification": "...",
"behavioral_sandboxing": "..."
},
"references": [
"Snyk ToxicSkills",
"Check Point Research"
]
}
}
Threat Intelligence
GET /threats
Get current threat intelligence data.
Query Parameters:
since: ISO 8601 timestamp for filtering recent threatsseverity: Filter by severity (low, medium, high, critical)platform: Filter by platform
Response:
{
"data": [
{
"id": "THREAT-2026-001",
"title": "ClawHavoc Campaign",
"severity": "high",
"description": "Coordinated attack on AI agent skill registries",
"platforms_affected": ["OpenClaw", "Claude Code"],
"indicators": [
{
"type": "domain",
"value": "clawhavoc.net",
"confidence": 0.95
}
],
"first_seen": "2026-01-03T00:00:00Z",
"last_seen": "2026-01-28T00:00:00Z",
"mitigation_status": "contained"
}
],
"meta": {
"total": 15,
"updated": "2026-03-22T12:00:00Z"
}
}
GET /threats/stats
Get threat statistics and trends.
Response:
{
"data": {
"total_threats": 47,
"active_campaigns": 3,
"platform_distribution": {
"OpenClaw": 18,
"Claude Code": 15,
"Cursor": 8,
"VS Code": 6
},
"severity_breakdown": {
"critical": 5,
"high": 12,
"medium": 20,
"low": 10
},
"trends": {
"last_30_days": 23,
"last_7_days": 8
}
}
}
Risk Assessment
POST /assess
Perform automated risk assessment on a skill.
Request Body:
{
"skill_content": "YAML or JSON skill definition",
"skill_format": "yaml|json|markdown",
"platform": "OpenClaw|Claude Code|Cursor|VS Code",
"options": {
"include_recommendations": true,
"severity_threshold": "medium"
}
}
Response:
{
"data": {
"overall_risk_score": 65.5,
"risk_level": "medium",
"vulnerabilities": [
{
"id": "AST01",
"severity": "high",
"description": "Potential malicious code patterns detected",
"line_number": 15,
"recommendation": "Review and remove suspicious commands"
},
{
"id": "AST03",
"severity": "medium",
"description": "Excessive permissions requested",
"recommendation": "Minimize required permissions"
}
],
"mitigation_plan": [
"Implement input validation",
"Reduce skill permissions",
"Add security scanning to CI/CD"
]
},
"processing_time_ms": 245
}
GET /assess/history
Get assessment history for your organization.
Query Parameters:
limit: Number of results (default: 50)offset: Pagination offsetstatus: Filter by assessment status
Scanner Integration
POST /scan
Submit a skill for comprehensive security scanning.
Request Body:
{
"skill_url": "https://example.com/skill.yaml",
"callback_url": "https://your-app.com/webhook/scan-complete",
"scan_options": {
"rules": ["AST01", "AST03", "AST04"],
"timeout": 300,
"sandbox": true
}
}
Response:
{
"data": {
"scan_id": "scan_1234567890",
"status": "queued",
"estimated_completion": "2026-03-22T12:05:00Z",
"scan_url": "https://api.owasp.org/ast10/v1/scans/scan_1234567890"
}
}
GET /scans/{scan_id}
Get scan results.
Response:
{
"data": {
"scan_id": "scan_1234567890",
"status": "completed",
"started_at": "2026-03-22T12:00:00Z",
"completed_at": "2026-03-22T12:02:15Z",
"results": {
"vulnerabilities_found": 2,
"critical": 0,
"high": 1,
"medium": 1,
"low": 0,
"details": [...]
},
"report_url": "https://api.owasp.org/ast10/v1/scans/scan_1234567890/report"
}
}
Webhooks
Scan Completion Webhook
When a scan completes, we’ll POST to your callback URL:
{
"event": "scan.completed",
"scan_id": "scan_1234567890",
"status": "completed",
"results_summary": {
"vulnerabilities_found": 2,
"highest_severity": "high"
},
"report_url": "https://api.owasp.org/ast10/v1/scans/scan_1234567890/report"
}
Rate Limits
Proposed tiers — illustrative only; no live service enforces these today.
- Free Tier: 100 requests/hour, 1,000/month
- Professional: 1,000 requests/hour, 100,000/month
- Enterprise: Unlimited
Rate limit headers are included in all responses:
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1640995200
Error Handling
All errors follow this format:
{
"error": {
"code": "INVALID_REQUEST",
"message": "The request body is invalid",
"details": {
"field": "skill_content",
"issue": "cannot be empty"
}
}
}
Common error codes:
INVALID_REQUEST: Malformed requestUNAUTHORIZED: Invalid or missing API keyRATE_LIMITED: Rate limit exceededNOT_FOUND: Resource not foundINTERNAL_ERROR: Server error
SDKs and Libraries
Proposed client libraries. These packages are not yet published — @owasp/ast10-sdk (npm), ast10_sdk (PyPI), and ast10-sdk-go do not exist on their registries yet. The snippets below illustrate the intended interface.
JavaScript/Node.js
const { AST10Client } = require('@owasp/ast10-sdk');
const client = new AST10Client({
apiKey: 'your-api-key'
});
// Assess a skill
const assessment = await client.assessSkill(skillContent);
console.log(`Risk score: ${assessment.overall_risk_score}`);
// Get threat intelligence
const threats = await client.getThreats({ severity: 'high' });
Python
from ast10_sdk import AST10Client
client = AST10Client(api_key='your-api-key')
# Assess skill
assessment = client.assess_skill(skill_content)
print(f"Risk score: {assessment['overall_risk_score']}")
# Get risks
risks = client.get_risks()
Go
package main
import (
"github.com/owasp/ast10-sdk-go"
)
func main() {
client := ast10.NewClient("your-api-key")
assessment, err := client.AssessSkill(skillContent)
if err != nil {
log.Fatal(err)
}
fmt.Printf("Risk score: %.1f\n", assessment.OverallRiskScore)
}
Changelog
v1.1.0 (March 2026)
- Added threat intelligence endpoints
- Enhanced risk assessment with ML-based scoring
- Added webhook support for scan completion
v1.0.0 (January 2026)
- Initial release with core AST10 endpoints
- Basic risk assessment and scanning
- Rate limiting and authentication
Support
This is a proposed specification — there is no live API support channel yet. Use the project’s GitHub repository for questions and to follow implementation:
- Issue Tracking: GitHub Issues
(The previously listed https://api.owasp.org/ast10/docs reference site and [email protected] mailbox are not deployed and do not work.)
This is a draft API specification published for community review — not a released service. No version of this API is currently deployed.
Example
Put whatever you like here: news, screenshots, features, supporters, or remove this file and don’t use tabs at all.