What it does

This skill runs Semgrep security scans against the current project to find known vulnerability patterns, secrets leaks, and common OWASP Top 10 issues. It outlines scanning workflows, recommended rule sets per language, and produces structured results suitable for triage and remediation.

When to use it

Use when you need an automated code security check: before merges, during audits, or on-demand when a user asks for a vulnerability scan, secrets check, or OWASP-focused review. Useful in CI, local developer workflows, or interactive agent-driven audits.

What's included

Scripts: none bundled (has_scripts=false)
References: Semgrep command examples and recommended rule sets included inline in the SKILL.md
Instructions: environment checks, installation (pip install semgrep), commands for full scans, language-specific rule suggestions, secrets detection, and report formatting guidance.

Compatible agents

Best for agents that can run shell commands and process JSON output (e.g., Claude Code / Codex / agents with shell access). The skill is language-agnostic and provides tailored rule recommendations for Python, JavaScript/TypeScript, and Go.

Semgrep Code Security Scanner

What it does

When to use it

What's included

Compatible agents

Tags

Not yet audited

Information

Related Skills