semgrep-rule-creator
Facilitates the creation of custom Semgrep rules to detect security vulnerabilities and code patterns through a structured approach.
Security score: 0/100
The semgrep-rule-creator skill was audited on May 12, 2026; the audit reported 10 security issues across 1 threat category, including 1 critical. Review the findings below before installing. Note what the flagged text actually is: every finding points at a line of SKILL.md, the skill's Markdown description, and the quoted text is a Semgrep `pattern:` entry, a rule `message:` string, a sentence explaining taint mode, or an example snippet such as `eval(request.args.get('code'))`. The scanner matched the strings `eval(` and `os.system(` in that text; read SKILL.md yourself to judge whether any of it is executed rather than described.
Security Issues
| Severity | Line | Finding | Flagged text in SKILL.md |
|----------|------|---------|--------------------------|
| high | 44 | Eval function call - arbitrary code execution | `pattern: eval(...)` |
| critical | 98 | Eval function call - arbitrary code execution | **Why prioritize taint mode?** Pattern matching finds syntax but misses context. A pattern `eval($X)` matches both `eval(user_input)` (vulnerable) and `eval("safe_literal")` (safe). Taint mode tracks … |
| high | 116 | Eval function call - arbitrary code execution | `message: User input passed to eval() allows code execution` |
| high | 121 | Eval function call - arbitrary code execution | `- pattern: eval(...)` |
| high | 127 | Eval function call - arbitrary code execution | `eval(request.args.get('code'))` |
| high | 130 | Eval function call - arbitrary code execution | `eval("print('safe')")` |
| medium | 67 | System command execution | `pattern: os.system("rm " + $VAR)` |
| medium | 74 | System command execution | `- pattern: os.system(...)` |
| medium | 67 | Python os.system command execution | `pattern: os.system("rm " + $VAR)` |
| medium | 74 | Python os.system command execution | `- pattern: os.system(...)` |
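The taint-mode distinction quoted in the line-98 finding (a plain `eval($X)` pattern matches both `eval(user_input)` and `eval("safe_literal")`, while taint mode tracks where the argument came from) written out as two Semgrep rules side by side. This is an added example, not the rule text in the skill's SKILL.md; the Flask `request` sources and the `int()` sanitizer are assumptions about the sample code being scanned.

```yaml
# Added example, not the skill's own rules: the same eval() sink expressed as a
# syntactic rule and as a taint-mode rule, so the difference can be seen by
# running both over the two snippets the audit flagged (SKILL.md lines 127/130).
rules:
  # Syntactic rule: every eval() call matches, including eval("print('safe')"),
  # because nothing here asks where the argument came from.
  - id: eval-any-call
    languages: [python]
    severity: WARNING
    message: eval() call found; confirm the argument cannot be attacker-controlled
    pattern: eval(...)

  # Taint rule: a finding is reported only when data from a source reaches the
  # sink without passing through a sanitizer. eval("print('safe')") has no
  # source feeding it and is not reported; eval(request.args.get('code')) is.
  - id: user-input-to-eval
    mode: taint
    languages: [python]
    severity: ERROR
    message: Untrusted request data reaches eval(), which executes it as Python
    pattern-sources:
      # Assumed sources: Flask request parameters, form fields and JSON bodies.
      - pattern: request.args.get(...)
      - pattern: request.form.get(...)
      - pattern: request.get_json(...)
    pattern-sanitizers:
      # Assumed sanitizer: once coerced to int, the value cannot carry code.
      - pattern: int(...)
    pattern-sinks:
      - pattern: eval(...)
```

Running `semgrep --config eval-rules.yaml app.py` against a file containing the two flagged snippets reports both under `eval-any-call` but only `eval(request.args.get('code'))` under `user-input-to-eval`. To keep that behaviour pinned, put the snippets in `eval-rules.py` next to the rule file, mark the vulnerable call with a `# ruleid: user-input-to-eval` comment and the literal call with `# ok: user-input-to-eval`, and run `semgrep --test` so the rule fails its own test if a later edit widens or narrows it.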
Scanned on May 12, 2026
GitHub stars: 3.7K
Category: development
Updated: May 13, 2026
Tags: frontend, docx, git, testing, mobile, backend, ml-ai-engineer, backend-developer, security-engineer, qa-engineer, development
Repository: trailofbits/skills