Skills

semgrep-rule-variant-creator

Installation
Summary

Port existing Semgrep rules to new target languages with applicability analysis and test-driven validation.

  • Takes an existing Semgrep rule and target languages as input; produces independent rule and test directories for each applicable language
  • Requires mandatory applicability analysis per language before porting, rejecting shortcuts like assuming identical patterns across different ASTs
  • Enforces test-first methodology: write minimum 2 vulnerable and 2 safe test cases before creating the rule for each language
  • Completes a full 4-phase cycle (applicability analysis, test creation, rule creation, validation) per language before moving to the next
SKILL.md

Semgrep Rule Variant Creator

Port existing Semgrep rules to new target languages with proper applicability analysis and test-driven validation.

When to Use

Ideal scenarios:

  • Porting an existing Semgrep rule to one or more target languages
  • Creating language-specific variants of a universal vulnerability pattern
  • Expanding rule coverage across a polyglot codebase
  • Translating rules between languages with equivalent constructs

When NOT to Use

Do NOT use this skill for:

  • Creating a new Semgrep rule from scratch (use semgrep-rule-creator instead)
  • Running existing rules against code
  • Languages where the vulnerability pattern fundamentally doesn't apply
  • Minor syntax variations within the same language
Related skills

More from trailofbits/skills

Installs
2.2K
Repository
trailofbits/skills
GitHub Stars
5.1K
First Seen
Jan 20, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass