Semgrep Rule Creator
Skill Verifiziert AktivCreates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.
To empower developers and security professionals to create effective and reliable Semgrep rules for detecting vulnerabilities and code patterns.
Funktionen
- Guided Semgrep rule creation workflow
- Emphasis on test-first methodology
- Guidance on pattern matching and taint mode
- AST analysis for precise rule writing
- Optimization and validation steps
Anwendungsfälle
- Writing custom Semgrep rules for specific security vulnerabilities
- Developing rules to enforce coding standards
- Creating taint mode rules for data flow analysis
- Building custom static analysis detections
Nicht-Ziele
- Running existing Semgrep rulesets
- General static analysis without custom rule development
- Skipping testing or validation steps
- Creating overly broad or generic rules
Installation
Zuerst Marketplace hinzufügen
/plugin marketplace add trailofbits/skills/plugin install semgrep-rule-creator@trailofbitsQualitätspunktzahl
VerifiziertVertrauenssignale
Ähnliche Erweiterungen
Migrate Validate
100Validate pending migrations for foreign key consistency, rollback safety, and best practices
Moyu (摸鱼)
100자동으로 과잉 엔지니어링 패턴을 탐지합니다: (1) 사용자가 명시적으로 요청하지 않은 코드나 파일을 수정하는 경우 (2) 요청되지 않은 새로운 추상화 레이어(클래스, 인터페이스, 팩토리, 래퍼)를 생성하는 경우 (3) 요청되지 않은 주석, 문서, JSDoc, 타입 어노테이션을 추가하는 경우 (4) 요청되지 않은 새로운 종속성을 도입하는 경우 (5) 최소한의 편집 대신 파일 전체를 다시 작성하는 경우 (6) diff 범위가 사용자의 요청을 명백히 초과하는 경우 (7) 사용자가 "너무 많아", "거기는 건드리지 마", "X만 변경해", "간단하게", "그만"과 같은 신호를 보내는 경우 (8) 발생할 수 없는 시나리오에 대한 오류 처리, 유효성 검사, 방어적 코드 추가 (9) 요청되지 않은 테스트, 설정 스캐폴딩, 문서 생성
Safe Mode
100Prevent destructive operations using Claude Code hooks. Three modes — cautious (warn on dangerous commands), lockdown (restrict edits to one directory), and clear (remove restrictions). Uses PreToolUse matchers for Bash, Edit, and Write.
Fixflow
100Führen Sie Codierungsaufgaben mit einem strengen Liefer-Workflow aus: Erstellen Sie einen vollständigen Plan, implementieren Sie Schritt für Schritt, führen Sie kontinuierlich Tests durch und committen Sie standardmäßig nach jedem Schritt (`per_step`). Unterstützt explizite Commit-Policy-Überschreibungen (`final_only`, `milestone`) und optional BDD (Given/When/Then), wenn Benutzer verhaltensgesteuerte Bereitstellung anfordern oder Anforderungen unklar sind.
Ship Gate
100Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.
Semgrep
75Run Semgrep static analysis scan on a codebase using parallel subagents. Supports two scan modes — "run all" (full ruleset coverage) and "important only" (high-confidence security vulnerabilities). Automatically detects and uses Semgrep Pro for cross-file taint analysis when available. Use when asked to scan code for vulnerabilities, run a security audit with Semgrep, find bugs, or perform static analysis. Spawns parallel workers for multi-language codebases.