codeql
Enables developers to perform complex static analysis on codebases using CodeQL for enhanced security and bug prevention.
Install this skill
or
51/100
Security score
The codeql skill was audited on Feb 9, 2026 and we found 33 security issues across 3 threat categories. Review the findings below before installing.
Categories Tested
Security Issues
medium line 390
Template literal with variable interpolation in command context
SourceSKILL.md
| 390 | ```yaml |
medium line 464
Template literal with variable interpolation in command context
SourceSKILL.md
| 464 | ```yaml |
medium line 292
Access to hidden dotfiles in home directory
SourceSKILL.md
| 292 | Configure the CLI to find your queries by creating `~/.config/codeql/config`: |
low line 478
Access to hidden dotfiles in home directory
SourceSKILL.md
| 478 | path: ~/.codeql |
medium line 294
Access to root home directory
SourceSKILL.md
| 294 | --search-path /full/path/to/your/codeql/root/directory |
low line 111
External URL reference
SourceSKILL.md
| 111 | Output formats include SARIF and CSV. SARIF results can be viewed with the [VSCode SARIF Explorer extension](https://marketplace.visualstudio.com/items?itemName=trailofbits.sarif-explorer). |
low line 354
External URL reference
SourceSKILL.md
| 354 | **VSCode:** [CodeQL extension](https://marketplace.visualstudio.com/items?itemName=GitHub.vscode-codeql) provides LSP support, syntax highlighting, query running, and AST visualization. |
low line 370
External URL reference
SourceSKILL.md
| 370 | - [C and C++](https://codeql.github.com/codeql-standard-libraries/cpp/) |
low line 371
External URL reference
SourceSKILL.md
| 371 | - [Go](https://codeql.github.com/codeql-standard-libraries/go/) |
low line 372
External URL reference
SourceSKILL.md
| 372 | - [Java and Kotlin](https://codeql.github.com/codeql-standard-libraries/java/) |
low line 373
External URL reference
SourceSKILL.md
| 373 | - [JavaScript and TypeScript](https://codeql.github.com/codeql-standard-libraries/javascript/) |
low line 374
External URL reference
SourceSKILL.md
| 374 | - [Python](https://codeql.github.com/codeql-standard-libraries/python/) |
low line 375
External URL reference
SourceSKILL.md
| 375 | - [C#](https://codeql.github.com/codeql-standard-libraries/csharp/) |
low line 376
External URL reference
SourceSKILL.md
| 376 | - [Ruby](https://codeql.github.com/codeql-standard-libraries/ruby/) |
low line 377
External URL reference
SourceSKILL.md
| 377 | - [Swift](https://codeql.github.com/codeql-standard-libraries/swift/) |
low line 381
External URL reference
SourceSKILL.md
| 381 | CodeQL supports C/C++, C#, Go, Java, Kotlin, JavaScript, TypeScript, Python, Ruby, and Swift. Check [supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-langua |
low line 517
External URL reference
SourceSKILL.md
| 517 | - [Look out! Divergent representations are everywhere!](https://blog.trailofbits.com/2022/11/10/divergent-representations-variable-overflows-c-compiler/) |
low line 518
External URL reference
SourceSKILL.md
| 518 | - [Finding unhandled errors using CodeQL](https://blog.trailofbits.com/2022/01/11/finding-unhandled-errors-using-codeql/) |
low line 519
External URL reference
SourceSKILL.md
| 519 | - [Detecting iterator invalidation with CodeQL](https://blog.trailofbits.com/2020/10/09/detecting-iterator-invalidation-with-codeql/) |
low line 523
External URL reference
SourceSKILL.md
| 523 | - [CodeQL zero to hero part 1: The fundamentals of static analysis for vulnerability research](https://github.blog/2023-03-31-codeql-zero-to-hero-part-1-the-fundamentals-of-static-analysis-for-vulnera |
low line 524
External URL reference
SourceSKILL.md
| 524 | - [QL language tutorials](https://codeql.github.com/docs/writing-codeql-queries/ql-tutorials/) |
low line 525
External URL reference
SourceSKILL.md
| 525 | - [GitHub Security Lab CodeQL CTFs](https://securitylab.github.com/ctf/) |
low line 529
External URL reference
SourceSKILL.md
| 529 | - [Practical introduction to CodeQL](https://jorgectf.github.io/blog/post/practical-codeql-introduction/) |
low line 530
External URL reference
SourceSKILL.md
| 530 | - [Sharing security expertise through CodeQL packs (Part I)](https://github.blog/2022-04-19-sharing-security-expertise-through-codeql-packs-part-i/) |
low line 534
External URL reference
SourceSKILL.md
| 534 | - [Trail of Bits: Introduction to CodeQL - Examples, Tools and CI Integration](https://www.youtube.com/watch?v=rQRlnUQPXDw) |
low line 535
External URL reference
SourceSKILL.md
| 535 | - [Finding Security Vulnerabilities in C/C++ with CodeQL](https://www.youtube.com/watch?v=eAjecQrfv3o) |
low line 536
External URL reference
SourceSKILL.md
| 536 | - [Finding Security Vulnerabilities in JavaScript with CodeQL](https://www.youtube.com/watch?v=pYzfGaLTqC0) |
low line 537
External URL reference
SourceSKILL.md
| 537 | - [Finding Security Vulnerabilities in Java with CodeQL](https://www.youtube.com/watch?v=nvCd0Ee4FgE) |
low line 541
External URL reference
SourceSKILL.md
| 541 | - [Clang checkers and CodeQL queries for detecting untrusted pointer derefs and tainted loop conditions](https://www.zerodayinitiative.com/blog/2022/2/22/clang-checkers-and-codeql-queries-for-detectin |
low line 543
External URL reference
SourceSKILL.md
| 543 | - [Interesting kernel objects dashboard](https://lookerstudio.google.com/reporting/68b02863-4f5c-4d85-b3c1-992af89c855c/page/n92nD) |
low line 547
External URL reference
SourceSKILL.md
| 547 | - [Blue-teaming for Exiv2: adding custom CodeQL queries to code scanning](https://github.blog/2021-11-16-adding-custom-codeql-queries-code-scanning/) |
low line 548
External URL reference
SourceSKILL.md
| 548 | - [Best practices on rolling out code scanning at enterprise scale](https://github.blog/2022-09-28-best-practices-on-rolling-out-code-scanning-at-enterprise-scale/) |
low line 549
External URL reference
SourceSKILL.md
| 549 | - [Fine tuning CodeQL scans using query filters](https://colinsalmcorner.com/fine-tuning-codeql-scans/) |
Scanned on Feb 9, 2026
View Security DashboardGitHub Stars 106
Rate this skill
Categorydevelopment
UpdatedMay 21, 2026
openclawbackendapitestingbackend-developerml-ai-engineersecurity-engineerdata-analystqa-engineergithubdevelopmentdata analytics
majiayu000/claude-skill-registry