semgrep-rule-creator
Creates custom Semgrep rules for detecting security vulnerabilities and code patterns.
What This Skill Does
Creates custom Semgrep rules for detecting security vulnerabilities and code patterns. Guides you through a test-first workflow: write tests, analyze the AST, write the rule, iterate until all tests pass. Supports both pattern matching and taint mode for data flow analysis.
Hand-writing Semgrep rules without guidance leads to overly broad patterns with high false positives — this skill enforces AST analysis, mandatory test cases including safe variants, and taint mode selection to produce rules that actually work in production.
When to use it
- Writing taint mode rules to detect SQL injection from user-controlled request parameters
- Catching unsafe use of eval() or exec() with untrusted input in Python codebases
- Enforcing coding standards by flagging deprecated API calls across a large codebase
- Building detection rules for a specific vulnerability class found in a security audit
- Adding custom rules to a CI pipeline to catch bug patterns unique to your codebase
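The taint rule below is an added illustration of the workflow described above (write tests, inspect the AST, write the rule, iterate) applied to the first use case in the list, SQL injection from request parameters; it is not a rule shipped with the skill or with Semgrep. It assumes a Flask application that builds queries for a DB-API style `cursor.execute()`; the rule id and the `int(...)` sanitizer are choices made for this example.

```yaml
# Added example rule (not part of the skill): taint-mode detection of
# user-controlled Flask request data flowing into a SQL execute() call.
rules:
  - id: sqli-request-param
    mode: taint
    languages: [python]
    severity: ERROR
    message: >-
      User-controlled request data reaches a SQL execute() call as part of
      the query string. Pass values through the parameters argument instead
      of concatenating them into the query.
    metadata:
      category: security
      cwe: "CWE-89: Improper Neutralization of Special Elements used in an SQL Command"

    # Sources: anything read from the request (Semgrep resolves
    # `from flask import request` to flask.request for matching).
    pattern-sources:
      - pattern: flask.request.args.get(...)
      - pattern: flask.request.form.get(...)
      - pattern: flask.request.args[...]
      - pattern: flask.request.form[...]

    # Sanitizer (assumption for this example): a value coerced to int
    # can no longer carry SQL syntax, so taint is dropped there.
    pattern-sanitizers:
      - pattern: int(...)

    # Sinks: only the query argument of execute() counts. focus-metavariable
    # keeps the parameters tuple (the safe path) from triggering a finding.
    pattern-sinks:
      - patterns:
          - pattern-either:
              - pattern: $CURSOR.execute($QUERY, ...)
              - pattern: $CONN.execute($QUERY, ...)
          - focus-metavariable: $QUERY
```

Following the test-first workflow, the rule sits beside a `sqli-request-param.py` test file with the same basename. In that file, a call such as `cursor.execute("SELECT * FROM users WHERE name = '" + name + "'")` (where `name` came from `request.args.get("name")`) is preceded by a `# ruleid: sqli-request-param` comment, and the parameterized variant `cursor.execute("SELECT * FROM users WHERE name = %s", (name,))`, as well as a query built from `int(request.args.get("id"))`, is preceded by `# ok: sqli-request-param`. Running `semgrep --test` on the directory holding both files reports whether every annotated line matches the expectation; the safe variants are what keep the rule from being the kind of overly broad pattern the skill is meant to prevent.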
