Why is the applicability analysis phase mandatory?

Not all vulnerability patterns exist in every language. This phase ensures you don't waste time porting rules that are logically impossible or irrelevant in the target language's ecosystem.

Does this skill support Semgrep's taint-mode rules?

Yes, it supports taint-mode porting and includes specific steps for debugging data-flow traces to ensure the source-to-sink logic remains valid in the new language.

Can I use this to create entirely new rules from scratch?

No, this specific skill is optimized for porting existing rules to new languages. For creating brand new rules from a bug description, you should use the 'semgrep-rule-creator' skill.

How does it ensure the ported rules actually work?

The skill enforces a strict validation phase where the rule must pass 100% of the generated test cases (including vulnerable and safe cases) before the process is considered complete.

Semgrep Rule Variant Creator

Name: Semgrep Rule Variant Creator
Author: sudohakan

bysudohakan

•

Security & Testing

Ports existing Semgrep security rules to multiple target languages using a rigorous test-driven validation and AST analysis workflow.

The Semgrep Rule Variant Creator is a specialized tool for security engineers and developers who need to maintain consistent static analysis coverage across polyglot codebases. Rather than performing simple syntax translation, this skill guides Claude through a sophisticated four-phase process: analyzing if a vulnerability pattern is applicable to the target language, creating test cases first, generating AST-aware rules, and validating the results. This ensures that ported rules are idiomatically correct, functionally robust, and free from the common pitfalls associated with cross-language pattern porting.

Key Features

01Test-first methodology with automated generation of vulnerable and safe cases

022 GitHub stars

03Integrated validation and taint-flow debugging for complex security rules

04Mandatory applicability analysis to prevent invalid rule translation

05AST-based pattern translation for high-precision detection

06Automated cross-language rule porting for polyglot environments

Use Cases

01Expanding existing security policies to cover new languages in a microservices architecture

02Translating universal vulnerability patterns into language-specific AST constructs

03Maintaining a standardized library of custom Semgrep rules across diverse engineering teams

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add sudohakan/claude-code-dotfiles semgrep-rule-variant-creator

For use in Claude.ai and ChatGPT

Key Features

01Test-first methodology with automated generation of vulnerable and safe cases

022 GitHub stars

03Integrated validation and taint-flow debugging for complex security rules

04Mandatory applicability analysis to prevent invalid rule translation

05AST-based pattern translation for high-precision detection

06Automated cross-language rule porting for polyglot environments

Use Cases

01Expanding existing security policies to cover new languages in a microservices architecture

02Translating universal vulnerability patterns into language-specific AST constructs

03Maintaining a standardized library of custom Semgrep rules across diverse engineering teams

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add sudohakan/claude-code-dotfiles semgrep-rule-variant-creator

For use in Claude.ai and ChatGPT