semgrep AI Agent Skills

Browse 30 skills related to semgrep

variant-analysis

3.0k
trailofbitstrailofbits

Find similar vulnerabilities and bugs across codebases using pattern-based analysis. Use when hunting bug variants, building CodeQL/Semgrep queries, analyzing security vulnerabilities, or performing systematic code audits after finding an initial issue.

132 days ago

semgrep-rule-creator

3.0k
trailofbitstrailofbits

Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.

132 days ago

semgrep-rule-variant-creator

3.0k
trailofbitstrailofbits

Creates language variants of existing Semgrep rules. Use when porting a Semgrep rule to specified target languages. Takes an existing rule and target languages as input, produces independent rule+test directories for each language.

132 days ago

sast-analyzer

376
a5c-aia5c-ai

Static Application Security Testing orchestration and analysis. Execute Semgrep, Bandit, ESLint security plugins, CodeQL, and other SAST tools. Parse, prioritize, and deduplicate findings across multiple tools with remediation guidance.

132 days ago

sast-semgrep

228
rohunjrohunj

Static application security testing (SAST) using Semgrep for vulnerability detection, security code review, and secure coding guidance with OWASP and CWE framework mapping. Use when: (1) Scanning code for security vulnerabilities across multiple languages, (2) Performing security code reviews with pattern-based detection, (3) Integrating SAST checks into CI/CD pipelines, (4) Providing remediation guidance with OWASP Top 10 and CWE mappings, (5) Creating custom security rules for organization-specific patterns, (6) Analyzing dependencies for known vulnerabilities.

sastsemgrepvulnerability-scanning+4
132 days ago

Code Security

132
semgrepsemgrep

Security guidelines for writing secure code. Use when writing code, reviewing code for vulnerabilities, or asking about secure coding practices like "check for SQL injection" or "review security".

131 days ago

LLM Security

132
semgrepsemgrep

Security guidelines for LLM applications based on OWASP Top 10 for LLM 2025. Use when building LLM apps, reviewing AI security, implementing RAG systems, or asking about LLM vulnerabilities like "prompt injection" or "check LLM security".

131 days ago

Semgrep

132
semgrepsemgrep

Run Semgrep static analysis scans and create custom detection rules. Use when asked to scan code with Semgrep, find security vulnerabilities, write custom YAML rules, or detect specific bug patterns.

131 days ago

Semgrep SAST Analysis

71
PramodDuttaPramodDutta

Static application security testing using Semgrep for finding vulnerabilities, code smells, and enforcing security policies across codebases.

semgrepsastsecurity+2
131 days ago

Custom Static Analysis Rules

71
PramodDuttaPramodDutta

Writing custom static analysis rules for ESLint, Semgrep, and SonarQube to enforce project-specific code quality and security standards.

static-analysiseslintsemgrep+2
132 days ago

sast-orchestration

29
hardw00thardw00t

Static Application Security Testing orchestration skill for running and managing SAST tools across codebases. This skill should be used when performing static code analysis, writing custom security rules, triaging SAST findings, integrating security scanning into CI/CD, or comparing findings across multiple SAST tools. Triggers on requests to scan code for vulnerabilities, write Semgrep/CodeQL rules, analyze SAST results, or set up automated security scanning.

132 days ago

sast-scanning

10
BagelHoleBagelHole

Perform static application security testing with tools like Semgrep, CodeQL, and SonarQube. Identify security vulnerabilities in source code before deployment. Use when implementing secure SDLC, code review automation, or security gates in CI/CD pipelines.

132 days ago

MVX Semgrep Creator

10
multiversxmultiversx

Writing custom Semgrep rules to enforce MultiversX best practices.

131 days ago

semgrep-rule-creator

7
plurigridplurigrid

Create custom Semgrep rules for detecting bug patterns and security vulnerabilities. This skill should be used when the user explicitly asks to "create a Semgrep rule", "write a Semgrep rule", "make a Semgrep rule", "build a Semgrep rule", or requests detection of a specific bug pattern, vulnerability, or insecure code pattern using Semgrep.

131 days ago

variant-analysis

7
plurigridplurigrid

Find similar vulnerabilities and bugs across codebases using pattern-based analysis. Use when hunting bug variants, building CodeQL/Semgrep queries, analyzing security vulnerabilities, or performing systematic code audits after finding an initial issue.

131 days ago

semgrep

7
plurigridplurigrid

Run Semgrep static analysis for fast security scanning and pattern matching. Use when asked to scan code with Semgrep, write custom YAML rules, find vulnerabilities quickly, use taint mode, or set up Semgrep in CI/CD pipelines.

131 days ago

implementing-semgrep-for-custom-sast-rules

2
mukul975mukul975

Write custom Semgrep SAST rules in YAML to detect application-specific vulnerabilities, enforce coding standards, and integrate into CI/CD pipelines.

semgrepsaststatic-analysis+3
131 days ago

integrating-sast-into-github-actions-pipeline

2
mukul975mukul975

This skill covers integrating Static Application Security Testing (SAST) tools—CodeQL and Semgrep—into GitHub Actions CI/CD pipelines. It addresses configuring automated code scanning on pull requests and pushes, tuning rules to reduce false positives, uploading SARIF results to GitHub Advanced Security, and establishing quality gates that block merges when high-severity vulnerabilities are detected.

devsecopscicdsast+3
131 days ago

semgrep-find-and-fix

2
graysurfgraysurf

Scan a repo using its checked-in Semgrep configuration (local rules only), triage findings, and either fix the most severe issues or open a report-style PR. Use when a repo already has Semgrep config and rules committed; stop if no Semgrep config is present.

131 days ago

audit-skill

davisbuildsdavisbuilds

Security audit for agent skills using a three-layer deterministic architecture: structural validation, instruction scanning (prompt injection, encoding tricks, exfiltration, overreach), and code analysis (secrets, dangerous patterns, semgrep SAST, trifecta detection). Produces a trust score (A-F) with per-layer breakdown. Use when reviewing a skill for security, auditing a skill before installation, checking for prompt injection, or when the user says 'audit skill', 'check skill security', 'trust score', 'is this skill safe', or 'audit-skill'. On-demand via /audit-skill command.

132 days ago

semgrep-scan

ERP-CORE-DEVERP-CORE-DEV

Run Semgrep SAST analysis for security and code quality

securitysastsemgrep+1
131 days ago

semgrep

arielperez82arielperez82

Run Semgrep static analysis scan on a codebase using parallel subagents. Automatically detects and uses Semgrep Pro for cross-file analysis when available. Use when asked to scan code for vulnerabilities, run a security audit with Semgrep, find bugs, or perform static analysis. Spawns parallel workers for multi-language codebases and triage.

131 days ago

secure-code

davisbuildsdavisbuilds

Static analysis security scanning and architectural trifecta detection using semgrep. Use when reviewing code for security vulnerabilities, running SAST scans, checking for the lethal trifecta (private data + untrusted input + external comms co-occurrence), or when the user says 'scan', 'security scan', 'trifecta check', 'check for vulnerabilities', 'SAST', or 'secure this code'. On-demand via /scan and /trifecta-check commands.

131 days ago

variant-analysis

arielperez82arielperez82

Find similar vulnerabilities and bugs across codebases using pattern-based analysis. Use when hunting bug variants, building CodeQL/Semgrep queries, analyzing security vulnerabilities, or performing systematic code audits after finding an initial issue.

132 days ago

semgrep

aila-labaila-lab

Run Semgrep static analysis scan on a codebase using parallel subagents. Automatically detects and uses Semgrep Pro for cross-file analysis when available. Use when asked to scan code for vulnerabilities, run a security audit with Semgrep, find bugs, or perform static analysis. Spawns parallel workers for multi-language codebases and triage.

132 days ago

semgrep-rule-creator

aila-labaila-lab

Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.

132 days ago

semgrep

aleister1102aleister1102

Run Semgrep static analysis scans and create custom detection rules. Use when asked to scan code with Semgrep, find security vulnerabilities, write custom YAML rules, or detect specific bug patterns.

131 days ago

semgrep-rule-creator

arielperez82arielperez82

Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.

131 days ago

variant-analysis

aila-labaila-lab

Find similar vulnerabilities and bugs across codebases using pattern-based analysis. Use when hunting bug variants, building CodeQL/Semgrep queries, analyzing security vulnerabilities, or performing systematic code audits after finding an initial issue.

131 days ago

SAST Scan

pitimonpitimon

Run Static Application Security Testing (SAST) using Semgrep in a Docker container. Identifies code vulnerabilities, injection flaws, and security anti-patterns.

132 days ago
ClawiskillClawiskill
Network
Building with
?

Join Clawiskill today. The decentralized skill network for AI Agents.

Registry
70K+
Agent Joins
120K+
Explore Network