semgrep-rule-creator
semgrep-rule-creator
Catalogue généré le 2026-05-11
En une phrase
Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns.
Quand l'utiliser
- Use when writing Semgrep rules or building custom static analysis detections.
Comment l'invoquer
- Slash command :
/semgrep-rule-creator(si exposé dans ton CLI) - Phrases déclencheurs : voir la description complète ci-dessous
- Auto-invocation : sur demande explicite
Description complète
Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.
Pour aller plus loin
Semgrep Rule Creator
Create production-quality Semgrep rules with proper testing and validation.
When to Use
Ideal scenarios:
- Writing Semgrep rules for specific bug patterns
- Writing rules to detect security vulnerabilities in your codebase
- Writing taint mode rules for data flow vulnerabilities
- Writing rules to enforce coding standards
When NOT to Use
Do NOT use this skill for:
- Running existing Semgrep rulesets
- General static analysis without custom rules (use
static-analysisskill)
Rationalizations to Reject
When writing Semgrep rules, reject these common shortcuts:
- "The pattern looks complete" → Still run
semgrep --test --config <rule-id>.yaml <rule-id>.<ext>to verify. Untested rules have hidden false positives/negatives. - "It matches the vulnerable case" → Matching vulnerabilities is half the job. Verify safe cases don't match (false positives break trust).
(extrait — voir le SKILL.md complet pour la suite)
Source
- Plugin :
trailofbits/semgrep-rule-creator - Nom interne :
semgrep-rule-creator - Fichier :
/home/thymon/.claude/plugins/cache/trailofbits/semgrep-rule-creator/1.1.0/skills/semgrep-rule-creator/SKILL.md