
semgrep-rule-creator

trailofbits/skills

Create production-quality Semgrep rules with proper testing and validation.

Installs: 790
Install command
npx skills add https://github.com/trailofbits/skills --skill semgrep-rule-creator
Security audits: Gen Agent Trust Hub PASS, Socket PASS, Snyk PASS
About this skill
Create production-quality Semgrep rules with proper testing and validation.

Ideal scenarios:

Do NOT use this skill for:

When writing Semgrep rules, reject these common shortcuts:
- Too broad: a pattern that matches everything is useless for detection.
- Missing safe cases in tests: without negative (ok) cases in the test file, false positives go undetected.
- Overly specific patterns: a pattern tied to one exact spelling misses variations of the same bug.

This workflow is strict; do not skip steps. This skill guides creation of Semgrep rules that detect security vulnerabilities and code patterns. Rules are created iteratively: analyze the problem, write tests first, analyze the AST structure, write the rule, iterate until all tests pass, then optimize the rule.

Approach selection: Why prioritize taint mode? Pattern matching finds syntax but misses context. A pattern eval($X) matches both eval(user_input) (vulnerable) and eval("safe_literal") (safe). Taint mode tracks data flow from declared sources to declared sinks, so it only alerts when untrusted data actually reaches the sink, which dramatically reduces false positives for injection vulnerabilities. The trade-off is that a taint rule only knows the sources and sanitizers you declare: an undeclared input source is a false negative, and an over-broad sanitizer silences real findings, so the test file needs cases for both.

Iterating between approaches: it's okay to experiment.
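The taint-mode rule for the eval() case discussed above, written out as an added example; this is not the skill's own content or a Trail of Bits rule. The rule id, the Flask request sources, the int() sanitizer and the function names in the test file are assumptions chosen for illustration. The Semgrep test file that pairs with the rule is shown as commented-out lines after the rule so that the whole block stays valid YAML; copy those lines without the leading "# " into the .py file.

```yaml
# Added example (not the skill's own content): a taint-mode rule for eval()
# plus the Semgrep test file that exercises it. The rule id, the Flask source
# patterns and the int() sanitizer are assumptions chosen for illustration.
#
# --- file: python-eval-tainted-input.yaml ---
rules:
  - id: python-eval-tainted-input
    languages: [python]
    severity: ERROR
    message: >-
      Request-controlled data reaches eval(), which executes it as Python.
      Parse the input into a typed value instead of evaluating it.
    metadata:
      category: security
      cwe: "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')"
    mode: taint
    # Sources: where untrusted data enters. Only what is listed here is tainted,
    # so an unlisted source (e.g. request.json) is a false negative until added.
    pattern-sources:
      - pattern: flask.request.args.get(...)
      - pattern: flask.request.form.get(...)
    # Sanitizers: a conversion that cannot yield executable code. Keep this
    # list narrow; a sanitizer that is too broad silences real findings.
    pattern-sanitizers:
      - pattern: int(...)
    # Sink: the argument of eval(). focus-metavariable restricts the match to
    # the argument, so only a tainted $ARG reports, not every eval() call.
    pattern-sinks:
      - patterns:
          - pattern: eval($ARG)
          - focus-metavariable: $ARG

# --- file: python-eval-tainted-input.py (shown commented out) ---
# Semgrep's test harness reads "# ruleid:" and "# ok:" annotations on the line
# before each case. Run:
#   semgrep --validate --config python-eval-tainted-input.yaml
#   semgrep --test --config python-eval-tainted-input.yaml python-eval-tainted-input.py
#
# from flask import request
#
# def render_expr():
#     expr = request.args.get("expr")
#     # ruleid: python-eval-tainted-input
#     return eval(expr)
#
# def constant_expr():
#     # ok: python-eval-tainted-input
#     return eval("1 + 1")        # a pattern-mode rule eval($X) would flag this
#
# def bounded_expr():
#     n = int(request.args.get("n"))
#     # ok: python-eval-tainted-input
#     return eval(f"{n} * 2")     # taint stops at the int() sanitizer
```

The two ok cases are the "safe cases in tests" the skill insists on: constant_expr shows the false positive a bare eval($X) pattern produces, and bounded_expr checks that the declared sanitizer actually cuts the flow. If either annotation fails under semgrep --test, the rule is too broad; if the ruleid case fails, a source or propagation step is missing.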

Source description provided by the upstream skill listing. Community reviews and install context appear in the sections below.

Community Reviews

Latest reviews


No community reviews yet. Be the first to review.

FAQ
What does semgrep-rule-creator do?

Create production-quality Semgrep rules with proper testing and validation.

Is semgrep-rule-creator good?

semgrep-rule-creator does not have approved reviews yet, so SkillJury cannot publish a community verdict.

What agent does semgrep-rule-creator work with?

semgrep-rule-creator currently lists compatibility with codex, gemini-cli, opencode, cursor, github-copilot, claude-code.

What are alternatives to semgrep-rule-creator?

Skills in the same category include telegram-bot-builder, flutter-app-size, sharp-edges, iterative-retrieval.

How do I install semgrep-rule-creator?

npx skills add https://github.com/trailofbits/skills --skill semgrep-rule-creator
