Vulnerability Detection

A comprehensive guide for using Semgrep, a fast static analysis tool for finding bugs and security vulnerabilities. Covers installation, custom rule writing, CI/CD integration with GitHub Actions, and best practices for security scanning without sharing code with third parties.

CodeQL is a powerful static analysis framework that queries code as a database for security vulnerabilities and code patterns. This skill provides comprehensive documentation on creating CodeQL databases, writing custom queries, integrating with CI/CD pipelines, and using the framework for interprocedural control flow and data flow analysis across C/C++, Go, Java, JavaScript, Python, and other supported languages.

This skill guides users through creating production-quality Semgrep rules for detecting security vulnerabilities and bug patterns. It follows a test-first approach: write test cases, analyze AST structure, write the rule, and iterate until all tests pass. Supports both taint mode for data flow analysis and pattern matching for syntactic detection.

A comprehensive security-focused code review skill for analyzing pull requests, commits, and diffs. It uses git history for context, calculates blast radius of changes, checks test coverage, performs adversarial vulnerability analysis, and generates detailed markdown security reports with findings and recommendations.

Security scanner for Claude Code skills. Use when users want to scan a skill before installing, check an installed skill's security, or analyze any skill from a GitHub URL, local path, or installed location. Triggers on "scan this skill", "check skill security", "is this skill safe", or when users provide a skill URL/path asking about its safety.