semgrep-rule-creator
Guides the creation of custom Semgrep rules to detect security vulnerabilities and code patterns through a structured testing approach.
Install this skill
Security score
The semgrep-rule-creator skill was audited on Jun 3, 2026 and we found 14 security issues across 2 threat categories, including 1 critical. Review the findings below before installing.
Categories Tested
Security Issues
Eval function call - arbitrary code execution
| 52 | pattern: eval(...) |
Eval function call - arbitrary code execution
| 104 | **Why prioritize taint mode?** Pattern matching finds syntax but misses context. A pattern `eval($X)` matches both `eval(user_input)` (vulnerable) and `eval("safe_literal")` (safe). Taint mode tracks |
Eval function call - arbitrary code execution
| 122 | message: User input passed to eval() allows code execution |
Eval function call - arbitrary code execution
| 127 | - pattern: eval(...) |
Eval function call - arbitrary code execution
| 133 | eval(request.args.get('code')) |
Eval function call - arbitrary code execution
| 136 | eval("print('safe')") |
System command execution
| 75 | pattern: os.system("rm " + $VAR) |
System command execution
| 80 | - pattern: os.system(...) |
Python os.system command execution
| 75 | pattern: os.system("rm " + $VAR) |
Python os.system command execution
| 80 | - pattern: os.system(...) |
External URL reference
| 165 | 1. [Rule Syntax](https://semgrep.dev/docs/writing-rules/rule-syntax) |
External URL reference
| 166 | 2. [Pattern Syntax](https://semgrep.dev/docs/writing-rules/pattern-syntax) |
External URL reference
| 167 | 3. [ToB Testing Handbook - Semgrep](https://appsec.guide/docs/static-analysis/semgrep/advanced/) |
External URL reference
| 168 | 4. [Constant propagation](https://semgrep.dev/docs/writing-rules/data-flow/constant-propagation) |