semgrep-rule-creator
Facilitates the creation of custom Semgrep rules to detect security vulnerabilities and code patterns through a structured approach.
Security score: 0/100
The semgrep-rule-creator skill was audited on May 25, 2026 and we found 8 security issues across 1 threat category, including 1 critical. Review the findings below before installing.
Categories Tested
Security Issues
high, line 44: Eval function call
Source: SKILL.md

| Line | Source |
|---|---|
| 42 | |
| 43 | # GOOD: Specific dangerous function |
| 44 | pattern: eval(...) |
| 45 | ``` |
| 46 | |
critical, line 98: Eval function call
Source: SKILL.md

| Line | Source |
|---|---|
| 96 | - **Pattern matching**: Simple syntactic patterns without data flow requirements |
| 97 | |
| 98 | **Why prioritize taint mode?** Pattern matching finds syntax but misses context. A pattern `eval($X)` matches both `eval(user_input)` (vulnerable) and `eval("safe_literal")` (safe). Taint mode tracks data flow, so it only alerts when untrusted data actually reaches the sink—dramatically reducing false positives for injection vulnerabilities. |
| 99 | |
| 100 | **Iterating between approaches:** It's okay to experiment. If you start with taint mode and it's not working well (e.g., taint doesn't propagate as expected, too many false positives/negatives), switch to pattern matching. Conversely, if pattern matching produces too many false positives on safe cases, try taint mode instead. The goal is a working rule—not rigid adherence to one approach. |
high, line 116: Eval function call
Source: SKILL.md

| Line | Source |
|---|---|
| 114 | languages: [python] |
| 115 | severity: HIGH |
| 116 | message: User input passed to eval() allows code execution |
| 117 | mode: taint |
| 118 | pattern-sources: |
high, line 121: Eval function call
Source: SKILL.md

| Line | Source |
|---|---|
| 119 | - pattern: request.args.get(...) |
| 120 | pattern-sinks: |
| 121 | - pattern: eval(...) |
| 122 | ``` |
| 123 | |
high, line 127: Eval function call
Source: SKILL.md

| Line | Source |
|---|---|
| 125 | ```python |
| 126 | # ruleid: insecure-eval |
| 127 | eval(request.args.get('code')) |
| 128 | |
| 129 | # ok: insecure-eval |
high, line 130: Eval function call
Source: SKILL.md

| Line | Source |
|---|---|
| 128 | |
| 129 | # ok: insecure-eval |
| 130 | eval("print('safe')") |
| 131 | ``` |
| 132 | |
medium, line 67: System command execution
Source: SKILL.md

| Line | Source |
|---|---|
| 65 | ```yaml |
| 66 | # BAD: Only matches exact format |
| 67 | pattern: os.system("rm " + $VAR) |
| 68 | |
| 69 | # GOOD: Matches all os.system calls with taint tracking |
medium, line 74: System command execution
Source: SKILL.md

| Line | Source |
|---|---|
| 72 | - pattern: input(...) |
| 73 | pattern-sinks: |
| 74 | - pattern: os.system(...) |
| 75 | ``` |
| 76 | |
Scanned on May 25, 2026
GitHub stars: 5.6K
Category: development
Updated: June 10, 2026
Source repository: trailofbits/skills