Semgrep Rule Creator
Generates Semgrep code rules to identify and fix coding errors automatically, boosting developer productivity and code quality.
Install on your platform
We auto-selected Claude Code based on this skill’s supported platforms.
Run in terminal (recommended)
claude mcp add semgrep-rule-creator npx -- -y @trustedskills/semgrep-rule-creator
Or manually add to ~/.claude/settings.json
{
  "mcpServers": {
    "semgrep-rule-creator": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/semgrep-rule-creator"
      ]
    }
  }
}
Requires Claude Code (claude CLI). Run claude --version to verify your install.
About This Skill
What it does
The semgrep-rule-creator skill allows you to generate Semgrep rules based on provided code examples or descriptions. It leverages AI to translate natural language requests into functional Semgrep rule definitions, which can then be used to identify patterns and enforce coding standards in your codebase. This helps automate the process of creating custom security and quality checks.
When to use it
- Automating Rule Creation: You need a quick way to create Semgrep rules without manually writing complex queries.
- Enforcing Coding Standards: You want to ensure consistency across a project by generating rules based on existing code examples.
- Security Auditing: Generate custom rules to identify potential security vulnerabilities in your codebase.
- Rapid Prototyping: Quickly experiment with different rule patterns and refine them before full implementation.
Key capabilities
- Generates Semgrep rules from code examples.
- Creates Semgrep rules based on natural language descriptions of desired patterns.
- Automates the creation of custom security checks.
- Supports enforcing coding standards within a codebase.
Example prompts
- "Create a semgrep rule to find all instances where print is used directly in production code."
- "Generate a Semgrep rule that flags any function longer than 50 lines."
- "Write a Semgrep rule based on this code snippet: [code example]"
Tips & gotchas
- The quality of the generated rules depends heavily on the clarity and specificity of the input provided. Vague descriptions may result in inaccurate or overly broad rules.
TrustedSkills Verification
Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.
Security Audits
| Gen Agent Trust Hub | Pass |
| Socket | Pass |
| Snyk | Pass |
🌐 Community
Passed automated security scans.