Technical & DevelopmentIntermediate

semgrep-rule-variant-creator

Port existing Semgrep rules to new target languages with test-driven validation

Developer Setup

Setup & Installation

bash

npx skills add https://github.com/trailofbits/skills --skill semgrep-rule-variant-creator

npx skills add https://github.com/trailofbits/skills --skill semgrep-rule-variant-creator

Or paste this URL into your assistant to install:

https://github.com/trailofbits/skills/tree/main/plugins/semgrep-rule-variant-creator View on GitHub

Overview

What This Skill Does

Takes an existing Semgrep rule and ports it to one or more target languages. For each language, it runs applicability analysis, writes test cases first, translates the rule syntax to match target language AST and idioms, then validates until all tests pass. Outputs an independent rule and test file directory per language.

Application

When to use this Skill

Configuring integration settings for custom agent workflows.
Optimizing query execution and response latency in production.
Developing clean, standard-compliant implementations for enterprise services.
Troubleshooting connection timeouts and authentication handshakes.
Monitoring API rate limits and execution pipelines programmatically.

Documentation

Show Skills.md file

Semgrep Rule Variant Creator

A Claude Code skill for porting existing Semgrep rules to new target languages with proper applicability analysis and test-driven validation.

Overview

This skill takes an existing Semgrep rule and one or more target languages, then generates independent rule variants for each applicable language. Each variant goes through a complete 4-phase cycle:

Applicability Analysis - Determine if the vulnerability pattern applies to the target language
Test Creation - Write test-first with vulnerable and safe cases
Rule Creation - Translate patterns and adapt for target language idioms
Validation - Ensure all tests pass before proceeding

Prerequisites

Semgrep installed and available in PATH
Existing Semgrep rule to port (in YAML)
Target languages specified

Usage

Invoke the skill when you want to port an existing Semgrep rule:

Port the sql-injection.yaml Semgrep rule to Go and Java

Lines 1 - 26 of 86

Recommendations

Explore other random skills

TechnicalIntermediate

sentry-php-sdk

Full Sentry SDK setup for PHP, Laravel, and Symfony

TechnicalIntermediate

sentry-ruby-sdk

Full Sentry SDK setup for Ruby (Rails, Sinatra, Rack, Sidekiq, Resque)

TechnicalIntermediate

sentry-react-sdk

Full Sentry SDK setup for React (React Router v5-v7, TanStack Router, Redux, Vite, webpack)

All skills My patterns