
semgrep-rule-creator

security

Setup & Installation

npx skills add https://github.com/trailofbits/semgrep-rule-creator --skill semgrep-rule-creator
or paste the link and ask your coding assistant to install it
https://github.com/trailofbits/semgrep-rule-creator

What This Skill Does

Creates custom Semgrep rules for detecting security vulnerabilities and code patterns. Guides you through a test-first workflow: write the test cases, analyze the AST of the code you want to match, write the rule, then iterate until every test passes. Supports both plain pattern matching and taint mode for data-flow analysis (source, sanitizer, sink). Rules hand-written without this discipline tend to be overly broad and produce high false-positive rates; the skill instead requires AST analysis, mandatory test cases that include safe variants the rule must not flag, and an explicit choice between pattern and taint mode, so that the resulting rules hold up in production.
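The test-first workflow above in concrete form, as an added example that is not code from the skill or from Trail of Bits: a taint-mode rule for Flask input reaching a SQL execute() call, the annotated test target that semgrep --test expects beside it (two lines that must be reported, two safe variants that must not), and a small checker that compares the lines Semgrep reports against the ruleid/ok annotations. The rule id py-sqli-taint, the file names, and the lookup() function in the target are assumptions made for illustration.

```python
"""Added example (not part of the semgrep-rule-creator skill or any Trail of Bits
code): a taint-mode rule, the annotated test target that semgrep --test expects
beside it, and a checker that compares reported lines with the ruleid/ok
annotations. The rule id py-sqli-taint, the file names and the lookup()
function are assumptions made for illustration."""
import os
import re
import tempfile
import textwrap

# Rule: user input from Flask reaching the query argument of execute().
# focus-metavariable narrows the sink to $QUERY, so a parameterized call whose
# *parameters* are tainted is not reported (the safe variant on line 11 below).
RULE_YAML = textwrap.dedent("""\
    rules:
      - id: py-sqli-taint
        languages: [python]
        severity: ERROR
        message: User-controlled input reaches the SQL string passed to execute()
        mode: taint
        pattern-sources:
          - pattern: flask.request.args.get(...)
          - pattern: flask.request.form.get(...)
        pattern-sanitizers:
          - pattern: int(...)
        pattern-sinks:
          - patterns:
              - pattern: $CURSOR.execute($QUERY, ...)
              - focus-metavariable: $QUERY
    """)

# Test target, written before the rule (constructed sample): two findings and
# two safe variants. "# ruleid:" / "# ok:" annotate the line that follows them.
TEST_PY = textwrap.dedent("""\
    import flask

    def lookup(conn):
        uid = flask.request.args.get("id")
        cur = conn.cursor()
        # ruleid: py-sqli-taint
        cur.execute("SELECT * FROM users WHERE id = " + uid)
        # ruleid: py-sqli-taint
        cur.execute(f"SELECT * FROM users WHERE id = {uid}")
        # ok: py-sqli-taint
        cur.execute("SELECT * FROM users WHERE id = ?", (uid,))
        # ok: py-sqli-taint
        cur.execute("SELECT * FROM users WHERE id = %d" % int(uid))
    """)

ANNOTATION = re.compile(r"#\s*(ruleid|ok|todoruleid|todook):\s*(\S+)")


def expected_findings(source: str, rule_id: str) -> dict:
    """Map the annotations for rule_id to 1-based line numbers: lines that must
    be reported ("match") and lines that must stay silent ("ok").
    todoruleid/todook mark known gaps and are deliberately left out."""
    out = {"match": [], "ok": []}
    for idx, line in enumerate(source.splitlines(), start=1):
        m = ANNOTATION.search(line)
        if not m or rule_id not in m.group(2).split(","):
            continue
        kind, target = m.group(1), idx + 1  # the annotation covers the next line
        if kind == "ruleid":
            out["match"].append(target)
        elif kind == "ok":
            out["ok"].append(target)
    return out


def check_results(source: str, rule_id: str, reported_lines) -> tuple:
    """Compare the lines Semgrep reported (e.g. parsed from --json output) with
    the annotations. Returns (missed, false_positives); both empty means the
    rule passes this test file."""
    exp = expected_findings(source, rule_id)
    reported = set(reported_lines)
    missed = [ln for ln in exp["match"] if ln not in reported]
    false_positives = [ln for ln in exp["ok"] if ln in reported]
    return missed, false_positives


def write_test_pair(directory: str) -> tuple:
    """Write rule and target with matching basenames, as semgrep --test requires."""
    rule_path = os.path.join(directory, "py-sqli-taint.yaml")
    target_path = os.path.join(directory, "py-sqli-taint.py")
    with open(rule_path, "w") as fh:
        fh.write(RULE_YAML)
    with open(target_path, "w") as fh:
        fh.write(TEST_PY)
    return rule_path, target_path


if __name__ == "__main__":
    rule, target = write_test_pair(tempfile.mkdtemp())
    print(f"run: semgrep --test --config {rule} {target}")
    # Simulated outputs: the rule above reports lines 7 and 9; a sink written as
    # plain $CURSOR.execute(...) would also flag line 11, since uid is an argument.
    print(check_results(TEST_PY, "py-sqli-taint", {7, 9}))      # ([], [])
    print(check_results(TEST_PY, "py-sqli-taint", {7, 9, 11}))  # ([], [11])
```

The two "ok" lines are the part most hand-written rules get wrong: without the focus-metavariable the parameterized query on line 11 is reported because the tainted value is still an argument to execute(), and without the int(...) sanitizer line 13 is reported too. Keep the safe variants in the test file so that tightening the rule later cannot silently reintroduce either false positive.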

When to use it

  • Writing a new Semgrep rule for a vulnerability class or code pattern, starting from positive and negative test cases rather than from the pattern
  • Deciding between plain pattern matching and taint mode when a rule has to follow data flow from a source through sanitizers to a sink
  • Reducing false positives in an existing rule by checking it against the AST and adding safe variants it must not flag