CodeQL
CodeQL finds security vulnerabilities and bugs by building a queryable database from a codebase's source and running queries against it, so problems can be caught before they ship.
Install on your platform
Run in terminal (recommended)
claude mcp add codeql npx -- -y @trustedskills/codeql
Or manually add to ~/.claude/settings.json
{
  "mcpServers": {
    "codeql": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/codeql"
      ]
    }
  }
}
Requires Claude Code (claude CLI). Run claude --version to verify your install.
About This Skill
What it does
The CodeQL skill lets AI agents analyze code by writing and running queries in CodeQL, GitHub's query language for semantic code analysis. With it, users can detect vulnerabilities, explore code structure, and run complex queries across multiple programming languages.
When to use it
- To identify security vulnerabilities in large codebases
- For performing static analysis on software projects
- When building tools that require deep understanding of code semantics
Key capabilities
- Supports querying code in multiple programming languages
- Enables detection of security issues and logical errors
- Integrates with CodeQL's powerful semantic analysis engine
Example prompts
- "Find all instances where user input is used without validation in this Python project."
- "Analyze the JavaScript code for potential SQL injection vulnerabilities."
- "Generate a report on code complexity across the entire C++ repository."
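The first prompt above asks for untrusted input that reaches a dangerous operation without validation. In CodeQL that is a taint-tracking path query. The query below is an added example written for this page; it is not code from the skill or from the TrustedSkills project. It assumes a recent CodeQL Python standard library (the module-style DataFlow::ConfigSig API) and uses the hypothetical names UntrustedToSubprocessConfig and UntrustedToSubprocessFlow. It tracks data the library already models as remote input (Flask and Django request data, among others) into the command argument of subprocess calls, treating shlex.quote as a sanitizer.

```ql
/**
 * @name Untrusted request data reaches a subprocess command
 * @description Remote user input flows into the command argument of a
 *              subprocess call without passing through shlex.quote.
 * @kind path-problem
 * @problem.severity error
 * @id example/untrusted-input-to-subprocess
 */

import python
import semmle.python.dataflow.new.DataFlow
import semmle.python.dataflow.new.TaintTracking
import semmle.python.dataflow.new.RemoteFlowSources
import semmle.python.ApiGraphs

/** Hypothetical configuration name; this is example code, not the skill's own. */
module UntrustedToSubprocessConfig implements DataFlow::ConfigSig {
  // Sources: anything the standard library models as remote, user-controlled
  // input (Flask request.args, Django request.GET, and similar).
  predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

  // Sinks: the first (command) argument of the common subprocess entry points.
  predicate isSink(DataFlow::Node sink) {
    sink =
      API::moduleImport("subprocess")
          .getMember(["run", "Popen", "call", "check_call", "check_output"])
          .getACall()
          .getArg(0)
  }

  // Barrier: a value returned by shlex.quote is treated as safely escaped,
  // so taint does not continue past it.
  predicate isBarrier(DataFlow::Node node) {
    node = API::moduleImport("shlex").getMember("quote").getACall()
  }
}

module UntrustedToSubprocessFlow = TaintTracking::Global<UntrustedToSubprocessConfig>;

import UntrustedToSubprocessFlow::PathGraph

from UntrustedToSubprocessFlow::PathNode source, UntrustedToSubprocessFlow::PathNode sink
where UntrustedToSubprocessFlow::flowPath(source, sink)
select sink.getNode(), source, sink,
  "This subprocess command depends on a $@ that is not validated.", source.getNode(),
  "user-controlled value"
```

To run it outside the skill, put the query in a query pack whose qlpack.yml depends on codeql/python-all, build a database with `codeql database create py-db --language=python --source-root=.`, then run `codeql database analyze py-db <path-to-query.ql> --format=sarif-latest --output=results.sarif`. Because it is a path-problem query, each result carries the full source-to-sink path, which is what a reviewer needs to judge whether the missing validation is real.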
Tips & gotchas
- Install the CodeQL CLI and the query packs for your languages before using the skill; queries run against a CodeQL database, which must be built from the target code first.
- The install command above runs @trustedskills/codeql with no version pinned, so npx resolves whatever version is currently published on npm; pin an explicit package version if you need reproducible installs.
- Query time scales with database size, and taint-tracking (path-problem) queries are the most expensive; expect long runs and high memory use on large codebases.
TrustedSkills Verification
Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.
Security Audits
| Auditor | Result |
| Gen Agent Trust Hub | Pass |
| Socket | Pass |
| Snyk | Pass |
| Community | Passed automated security scans |