semgrep
Curated third-party skill source. Run external-skill-auditor before repo promotion.
Curated third-party skill source. Run external-skill-auditor before repo promotion.
Quick Start
Install:
npx skills add trailofbits/skills --skill codeql --skill semgrep --skill property-based-testing -y -g -a antigravity claude-code codex crush cursor gemini-cli github-copilot grok opencodeUse: /semgrep
Works with Claude Code, Gemini CLI, OpenCode, and other agentskills.io-compatible agents.
What It Does
Section titled “What It Does”Fast pattern-based (and taint) security scanning with Semgrep using built-in (OWASP, CWE, Trail of Bits), custom YAML rules, taint tracking. Parallel scanner agents per lang category; triager agent (Read/Grep/Glob/Write) for FP classification. SARIF/CI friendly. Part of static-analysis plugin.
Harness Coverage
Section titled “Harness Coverage”Targets verified harnesses: antigravity, claude-code, codex, crush, cursor, gemini-cli, github-copilot, grok, opencode.
Portable multi-harness install command:
npx skills add trailofbits/skills --skill codeql --skill semgrep --skill property-based-testing -y -g -a antigravity claude-code codex crush cursor gemini-cli github-copilot grok opencodeTrust / Audit
Section titled “Trust / Audit”Trust tier: Inspect first (needs-inspection)
Curated status: inspect-then-install
Risk notes: Curated third-party skill source. Run external-skill-auditor before repo promotion.
Entry maintained via authoring + research for compose-external-wave-11; provenance and audit notes are authoritative there (research context is advisory).
Install Prerequisites
Section titled “Install Prerequisites”npx skills add trailofbits/skills --skill semgrep ... status=inspect-then-install; selector=named (grouped w/ codeql).
| Field | Value |
|---|---|
| Source Type | curated-external |
| Display Source | trailofbits/skills |
| Source Kind | github |
| Installability | portable command |
| Review State | curated |
| Trust Tier | needs-inspection |
| Target Agents | antigravity, claude-code, codex, crush, cursor, gemini-cli, github-copilot, grok, opencode |
| Field | Value |
|---|---|
| Name | semgrep |
Curated catalog entry
---name: "semgrep"description: "Curated third-party skill source. Run external-skill-auditor before repo promotion."title: "Semgrep"source_kind: "curated-external"source: "trailofbits/skills"install_source: "trailofbits/skills"status: "inspect-then-install"trust_tier: "needs-inspection"provenance_status: "verified-install-command"install_command: "npx skills add trailofbits/skills --skill codeql --skill semgrep --skill property-based-testing -y -g -a antigravity claude-code codex crush cursor gemini-cli github-copilot grok opencode"target_agents: [antigravity, claude-code, codex, crush, cursor, gemini-cli, github-copilot, grok, opencode]source_url: "https://github.com/trailofbits/skills"notes: "Curated third-party skill source. Run external-skill-auditor before repo promotion."risk_notes: "Curated third-party skill source. Run external-skill-auditor before repo promotion."promotion_policy: "Inspect source, hooks, scripts, credentials, and dedupe before install."provenance_evidence: "Curated `npx skills add` command with named `--skill` selectors under `inspect-then-install` in config/external-skills.md."---
{/* GENERATED-AUTHORING: source=config/external-skills.md; entry=semgrep; re-run migration to refresh */}
Curated third-party skill source. Run external-skill-auditor before repo promotion.Install / provenance (from authoring frontmatter + research):
| Field | Value |
|---|---|
| install_command | npx skills add trailofbits/skills --skill codeql --skill semgrep --skill property-based-testing -y -g -a antigravity claude-code codex crush cursor gemini-cli github-copilot grok opencode |
| source | trailofbits/skills |
| source_url | https://github.com/trailofbits/skills |
| trust_tier | needs-inspection |
| curated_status | inspect-then-install |
| target_agents | antigravity, claude-code, codex, crush, cursor, gemini-cli, github-copilot, grok, opencode |