Semgrep Rule Variant Creator
Creates language variants of existing Semgrep rules. Use when porting a Semgrep rule to specified target languages. Takes an existing rule and target languages as input, produces independent rule+test directories for each language.
To efficiently and reliably port existing Semgrep rules to new target languages, ensuring accuracy and test coverage through a structured, multi-phase workflow.
Features
- Automated Semgrep rule variant creation
- Test-driven development for new rule variants
- Applicability analysis for target languages
- Generates independent rule and test directories
- Detailed documentation and workflow guidance
Use cases
- Porting a Semgrep rule written in Python to Go and Java
- Expanding security rule coverage across a polyglot codebase
- Creating language-specific versions of a universal vulnerability pattern
- Ensuring new rule variants have proper test cases
Non-goals
- Creating a new Semgrep rule from scratch
- Running existing Semgrep rules against code
- Translating rules for languages where the vulnerability pattern doesn't apply
- Skipping test case creation for new variants
Trust
- Warning (Issues Attention): In the last 90 days, 13 issues were opened and 4 were closed, indicating a low closure rate (approximately 24%), suggesting maintainers may respond slowly to issues.
Installation
First add the marketplace, then install the plugin:
/plugin marketplace add trailofbits/skills
/plugin install semgrep-rule-variant-creator@trailofbits