Code Security
Identifies and remediates common code vulnerabilities using Semgrep's extensive rule set for secure coding practices.
Install on your platform
Run in terminal (recommended)
claude mcp add code-security npx -- -y @trustedskills/code-security
Or manually add to ~/.claude/settings.json:
{
  "mcpServers": {
    "code-security": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/code-security"
      ]
    }
  }
}
Requires Claude Code (claude CLI). Run claude --version to verify your install.
About This Skill
What it does
This skill enables an AI agent to identify and remediate common code vulnerabilities using Semgrep's extensive rule set for secure coding practices. It supports proactive vulnerability checking during code writing or review, as well as reactive security analysis when specifically requested by the user. The tool covers a wide range of vulnerabilities including those found in the OWASP Top 10, infrastructure security concerns, and general coding best practices across more than 15 programming languages.
When to use it
- When reviewing code for potential security flaws before deployment.
- During the development process to proactively identify and fix vulnerabilities as they are introduced.
- To understand secure coding patterns and best practices in a specific programming language.
- When investigating a reported security concern within a codebase.
- For automated checks of infrastructure-as-code configurations (e.g., Terraform, Kubernetes).
Key capabilities
- Proactive vulnerability scanning: Automatically checks code for vulnerabilities based on the detected language and patterns.
- Reactive security analysis: Provides detailed rule files with vulnerable/secure code examples when a user requests information about specific security concerns.
- Language support: Covers over 15 programming languages including Python, JavaScript/TypeScript, Java, Go, C/C++, Ruby, PHP, and HCL/YAML.
- Categorized rules: Organizes vulnerabilities into categories like SQL Injection, Command Injection, XSS, XXE, and more.
- Priority rule guidance: Provides a list of priority rules to check for specific languages (e.g., SQL injection in Python).
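The vulnerable/secure pair below is an added illustration of the kind of finding the skill's SQL injection rules target; it is not a rule file from the skill's rules/ directory nor code from the Semgrep project. The users table, the lookup functions and the tautology payload are all constructed here for the demonstration. The vulnerable lookup interpolates user input into the query text, which is the shape the rules flag; the secure lookup binds the value as a parameter, so the same payload matches nothing.

```python
import sqlite3

# Constructed sample rows for this example (not from the page or the skill).
USERS = [("alice", "alice@example.com"), ("bob", "bob@example.com")]


def make_db() -> sqlite3.Connection:
    """Build an in-memory database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """VULNERABLE (kept deliberately so): user input becomes part of the SQL text.

    A query assembled with an f-string, .format() or concatenation that reaches
    execute() is exactly what a SQL-injection rule reports.
    """
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """SECURE: the SQL text is constant; the value travels as a bound parameter."""
    query = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


# Classic tautology payload, constructed for the demonstration.
PAYLOAD = "' OR '1'='1"


def demo() -> dict:
    """Run both lookups with a normal name and with the payload; return row counts."""
    conn = make_db()
    return {
        "vulnerable_normal": len(lookup_vulnerable(conn, "alice")),
        "vulnerable_payload": len(lookup_vulnerable(conn, PAYLOAD)),
        "safe_normal": len(lookup_safe(conn, "alice")),
        "safe_payload": len(lookup_safe(conn, PAYLOAD)),
    }


if __name__ == "__main__":
    for check, rows in demo().items():
        print(f"{check}: {rows} row(s)")
```

Against the vulnerable function the payload turns the WHERE clause into name = '' OR '1'='1', so every row comes back; against the parameterized function the same string is compared literally and returns nothing. When the skill reports a finding of this category, the remediation it points to is the second shape, not input filtering.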
Example prompts
- "Can you review this Python code for potential SQL injection vulnerabilities?"
- "What are the best practices for preventing XSS attacks in JavaScript?"
- "Show me examples of secure coding patterns for handling user input in Java."
- "Check my Terraform configuration for security issues related to AWS resources."
Tips & gotchas
- To effectively use this skill, first identify the programming language and the code's functionality (e.g., database interaction, file reading).
- Prioritize checking "Critical" and "High" impact rules first.
- Refer to the specific rule files within the rules/ directory for detailed examples and guidance.
TrustedSkills Verification
Unlike registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash, so what you install today is exactly what was reviewed and verified, and a later malicious update cannot silently replace it. Note that the install command above (npx -y @trustedskills/code-security) resolves the package from the npm registry by its current dist-tag rather than by that commit hash, and the -y flag skips the install prompt; to carry the pinned guarantee through to the install path, pin an explicit package version in the args (@trustedskills/code-security@<version>) and confirm it corresponds to the reviewed release.
Security Audits
| Auditor | Result |
| --- | --- |
| Gen Agent Trust Hub | Pass |
| Socket | Pass |
| Snyk | Pass |
🏢 Official
Published by the company or team that built the technology.