semgrep-rule-creator
Facilitates the creation of custom Semgrep rules to detect security vulnerabilities and code patterns through a structured approach.
0/100
Security score
The semgrep-rule-creator skill was audited on Mar 20, 2026 and we found 8 security issues across 1 threat category, including 1 critical. Review the findings below before installing.
Security Issues
high line 51
Eval function call
Source: SKILL.md
| 49 | |
| 50 | # GOOD: Specific dangerous function |
| 51 | pattern: eval(...) |
| 52 | ``` |
| 53 | |
critical line 105
Eval function call
Source: SKILL.md
| 103 | - **Pattern matching**: Simple syntactic patterns without data flow requirements |
| 104 | |
| 105 | **Why prioritize taint mode?** Pattern matching finds syntax but misses context. A pattern `eval($X)` matches both `eval(user_input)` (vulnerable) and `eval("safe_literal")` (safe). Taint mode tracks data flow, so it only alerts when untrusted data actually reaches the sink—dramatically reducing false positives for injection vulnerabilities. |
| 106 | |
| 107 | **Iterating between approaches:** It's okay to experiment. If you start with taint mode and it's not working well (e.g., taint doesn't propagate as expected, too many false positives/negatives), switch to pattern matching. Conversely, if pattern matching produces too many false positives on safe cases, try taint mode instead. The goal is a working rule—not rigid adherence to one approach. |
high line 123
Eval function call
Source: SKILL.md
| 121 | languages: [python] |
| 122 | severity: HIGH |
| 123 | message: User input passed to eval() allows code execution |
| 124 | mode: taint |
| 125 | pattern-sources: |
high line 128
Eval function call
Source: SKILL.md
| 126 | - pattern: request.args.get(...) |
| 127 | pattern-sinks: |
| 128 | - pattern: eval(...) |
| 129 | ``` |
| 130 | |
high line 134
Eval function call
Source: SKILL.md
| 132 | ```python |
| 133 | # ruleid: insecure-eval |
| 134 | eval(request.args.get('code')) |
| 135 | |
| 136 | # ok: insecure-eval |
high line 137
Eval function call
Source: SKILL.md
| 135 | |
| 136 | # ok: insecure-eval |
| 137 | eval("print('safe')") |
| 138 | ``` |
| 139 | |
medium line 74
System command execution
Source: SKILL.md
| 72 | ```yaml |
| 73 | # BAD: Only matches exact format |
| 74 | pattern: os.system("rm " + $VAR) |
| 75 | |
| 76 | # GOOD: Matches all os.system calls with taint tracking |
medium line 81
System command execution
Source: SKILL.md
| 79 | - pattern: input(...) |
| 80 | pattern-sinks: |
| 81 | - pattern: os.system(...) |
| 82 | ``` |
| 83 | |
Scanned on Mar 20, 2026
Install this skill with one command:
/learn @trailofbits/semgrep-rule-creator