Does this skill support taint mode for data flow?

Yes, it prioritizes taint mode for tracking untrusted input from sources to dangerous sinks, which significantly reduces false positives compared to basic pattern matching.

How does it handle different programming languages?

The skill analyzes the AST for the specific language targeted, allowing it to create patterns that are syntactically aware rather than relying on generic text matching.

Can I use this to run standard Semgrep rulesets?

No, this skill is specifically optimized for creating, testing, and iterating on custom rules. For running standard analysis, you should use a general static analysis skill.

Why is a test-driven approach mandatory?

Testing is required to ensure the rule correctly identifies vulnerabilities while ignoring safe instances. A 100% test pass rate is required to ensure production-grade reliability.

Semgrep Rule Creator

Name: Semgrep Rule Creator
Author: monmacllcapp

bymonmacllcapp

0•

Security & Testing

Generates and validates production-quality Semgrep rules to detect security vulnerabilities and complex code patterns using a test-driven approach.

This skill empowers developers to build sophisticated static analysis detections by leveraging Semgrep's pattern-matching and taint-tracking capabilities. It guides users through a rigorous, multi-step process that includes analyzing Abstract Syntax Trees (AST), writing comprehensive test cases for both vulnerable and safe code, and optimizing patterns for performance. By enforcing a strict test-first methodology and prioritizing taint mode for data-flow vulnerabilities, the skill ensures that custom security rules are precise, reliable, and ready for production CI/CD pipelines.

Key Features

01Mandatory test-driven workflow with validation using the semgrep --test command

02Advanced taint mode configuration for tracking untrusted data flow to dangerous sinks

030 GitHub stars

04Automated generation of Semgrep YAML rules and associated test files

05Strict anti-pattern prevention to minimize false positives and noisy detections

06AST structure analysis to ensure patterns capture all syntactic variations

Use Cases

01Enforcing internal coding standards and architectural patterns across large codebases

02Developing custom security rules to catch domain-specific injection vulnerabilities

03Creating precise bug-pattern detections for common developer mistakes or library misuses

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add monmacllcapp/skill-forks semgrep-rule-creator

For use in Claude.ai and ChatGPT

Download Skill