semgrep-rule-creator

Summary

Custom Semgrep rule creation with test-driven validation and AST-guided pattern development.

  • Guides iterative rule authoring: analyze problem, write tests first, inspect AST structure, build patterns, validate with semgrep --test, then optimize
  • Prioritizes taint mode for data flow vulnerabilities (sources to sinks) over pattern matching to reduce false positives; supports switching between approaches as needed
  • Enforces strict testing discipline: 100% test pass required, safe cases must be included to catch false positives, no untested rules
  • Generates two-file output per rule: YAML rule definition and language-specific test file with ruleid and ok annotations
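The two-file output described above, as an added example that is not part of the skill or its repository: a constructed taint-mode rule (request parameter flowing into a subprocess call) written in the YAML form Semgrep expects, the matching test file with ruleid and ok annotations, and a pre-flight check that enforces the testing discipline from the summary (every annotation names a real rule, every rule has both a firing case and a safe case). The rule id, file names and code under test are all invented for illustration; `semgrep --test` pairs the files by base name, so both are written side by side.

```python
"""Two-file Semgrep rule output plus an annotation consistency check.

Example code for this page, not the semgrep-rule-creator skill's own code.
The rule id, the rule body and the test snippets are constructed here.
"""
import re
import tempfile
from pathlib import Path

RULE_ID = "flask-request-to-subprocess"  # constructed id for this example

# Constructed taint-mode rule: flask request parameters are the source,
# shlex.quote is a sanitizer, the command argument of subprocess/os.system is the sink.
RULE_YAML = f"""\
rules:
  - id: {RULE_ID}
    mode: taint
    languages: [python]
    severity: ERROR
    message: Request data reaches a shell command argument (command injection)
    pattern-sources:
      - pattern: flask.request.args.get(...)
    pattern-sanitizers:
      - pattern: shlex.quote(...)
    pattern-sinks:
      - patterns:
          - pattern-either:
              - pattern: subprocess.run($CMD, ...)
              - pattern: os.system($CMD)
          - focus-metavariable: $CMD
"""

# Constructed test file: one ruleid case that must fire, two ok cases that must stay
# silent. Each annotation applies to the line directly below it.
TEST_PY = f"""\
import os
import shlex
import subprocess
import flask


def vulnerable():
    host = flask.request.args.get("host")
    # ruleid: {RULE_ID}
    subprocess.run("ping -c1 " + host, shell=True)


def safe_quoted():
    host = flask.request.args.get("host")
    # ok: {RULE_ID}
    subprocess.run("ping -c1 " + shlex.quote(host), shell=True)


def safe_constant():
    # ok: {RULE_ID}
    os.system("uptime")
"""

RULE_ID_RE = re.compile(r"^\s*-\s*id:\s*(\S+)", re.MULTILINE)
ANNOT_RE = re.compile(r"#\s*(ruleid|ok|todoruleid|todook):\s*(.+)")


def rule_ids(yaml_text: str) -> set[str]:
    """Collect rule ids from the YAML without a YAML parser (ids are one per line)."""
    return set(RULE_ID_RE.findall(yaml_text))


def annotations(test_text: str) -> list[tuple[int, str, str]]:
    """Return (line number, annotation kind, rule id) for each test annotation."""
    found = []
    for lineno, line in enumerate(test_text.splitlines(), 1):
        match = ANNOT_RE.search(line)
        if match:
            # Semgrep allows several ids on one annotation, comma or space separated.
            for rid in re.split(r"[,\s]+", match.group(2).strip()):
                if rid:
                    found.append((lineno, match.group(1), rid))
    return found


def check_pair(yaml_text: str, test_text: str) -> list[str]:
    """Pre-flight check before `semgrep --test`: report annotation/rule mismatches
    and rules that lack either a firing (ruleid) case or a safe (ok) case."""
    ids = rule_ids(yaml_text)
    annots = annotations(test_text)
    problems = []
    for lineno, kind, rid in annots:
        if rid not in ids:
            problems.append(f"line {lineno}: '{kind}: {rid}' names no rule in the YAML")
    for rid in sorted(ids):
        kinds = {kind for _, kind, r in annots if r == rid}
        if "ruleid" not in kinds:
            problems.append(f"{rid}: no ruleid case, nothing proves the rule fires")
        if "ok" not in kinds:
            problems.append(f"{rid}: no ok case, false positives would go unnoticed")
    return problems


def write_pair(directory: str) -> tuple[Path, Path]:
    """Write rule and test side by side with the same base name for `semgrep --test`."""
    base = Path(directory) / RULE_ID
    rule_path, test_path = base.with_suffix(".yaml"), base.with_suffix(".py")
    rule_path.write_text(RULE_YAML)
    test_path.write_text(TEST_PY)
    return rule_path, test_path


if __name__ == "__main__":
    problems = check_pair(RULE_YAML, TEST_PY)
    print("pre-flight:", "ok" if not problems else problems)
    rule_path, _ = write_pair(tempfile.mkdtemp())
    print(f"run: semgrep --test --config {rule_path} {rule_path.parent}")
```

The pre-flight check only catches bookkeeping mistakes; the actual proof that the rule fires and stays quiet is `semgrep --test`, which is why the files are written with matching base names.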
SKILL.md

Semgrep Rule Creator

Create production-quality Semgrep rules with proper testing and validation.

When to Use

Ideal scenarios:

  • Writing Semgrep rules for specific bug patterns
  • Writing rules to detect security vulnerabilities in your codebase
  • Writing taint mode rules for data flow vulnerabilities
  • Writing rules to enforce coding standards

When NOT to Use

Do NOT use this skill for:

  • Running existing Semgrep rulesets
  • General static analysis without custom rules (use static-analysis skill)

Rationalizations to Reject

Installs: 2.3K | GitHub Stars: 5.1K | First Seen: Jan 19, 2026