Skip to main content

semgrep-rule-creator

semgrep-rule-creator

Catalogue généré le 2026-05-11

En une phrase

Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns.

Quand l'utiliser

  • Use when writing Semgrep rules or building custom static analysis detections.

Comment l'invoquer

  • Slash command : /semgrep-rule-creator (si exposé dans ton CLI)
  • Phrases déclencheurs : voir la description complète ci-dessous
  • Auto-invocation : sur demande explicite

Description complète

Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.

Pour aller plus loin

Semgrep Rule Creator

Create production-quality Semgrep rules with proper testing and validation.

When to Use

Ideal scenarios:

  • Writing Semgrep rules for specific bug patterns
  • Writing rules to detect security vulnerabilities in your codebase
  • Writing taint mode rules for data flow vulnerabilities
  • Writing rules to enforce coding standards

When NOT to Use

Do NOT use this skill for:

  • Running existing Semgrep rulesets
  • General static analysis without custom rules (use static-analysis skill)

Rationalizations to Reject

When writing Semgrep rules, reject these common shortcuts:

  • "The pattern looks complete" → Still run semgrep --test --config <rule-id>.yaml <rule-id>.<ext> to verify. Untested rules have hidden false positives/negatives.
  • "It matches the vulnerable case" → Matching vulnerabilities is half the job. Verify safe cases don't match (false positives break trust).

(extrait — voir le SKILL.md complet pour la suite)

Source

  • Plugin : trailofbits/semgrep-rule-creator
  • Nom interne : semgrep-rule-creator
  • Fichier : /home/thymon/.claude/plugins/cache/trailofbits/semgrep-rule-creator/1.1.0/skills/semgrep-rule-creator/SKILL.md