Plugins listed here are tagged for this technology stack and auto-indexed from public GitHub repositories.
Claude Code plugins tagged for Semgrep development. Browse commands, agents, skills, and more.
Generate code explanations, tutorials, API documentation, and architecture guides by analyzing codebases with AST-based metrics. Also performs AI-powered code reviews for security, performance, and reliability.
Automate code cleanup and legacy modernization with AI-driven analysis that detects code smells, SOLID violations, and technical debt, then generates prioritized refactoring plans and safe migration strategies using the strangler fig pattern while restoring project context from vector storage.
Enforce test-driven development with red-green-refactor cycles: generate failing tests, implement minimal passing code, and refactor safely while keeping tests green. Includes AI-powered code review for security and quality.
Create and validate custom Semgrep rules for detecting security vulnerabilities, bugs, code patterns, and standards using test-first methodology, conversation context for patterns and languages, plus taint mode support.
Discover similar bugs and vulnerabilities across your codebase by generalizing patterns from an initial issue using ripgrep, Semgrep, and CodeQL for iterative, pattern-based analysis via skills or commands.
Port existing Semgrep rules to target languages by generating YAML rule files and annotated tests, with applicability analysis and test-driven validation to expand coverage in polyglot codebases.
Operates a structured RPI (Research-Plan-Implement-Validate) workflow for AI coding agents, with persistent issue tracking, knowledge extraction from sessions, automated code quality gates, and multi-agent coordination via git-backed task graphs and CLI tools.
Orchestrate a fleet of 11 AI-powered QE agents to automate comprehensive quality engineering: generate unit/integration/E2E tests for Jest/Vitest/Playwright/Pytest, perform sublinear coverage analysis and gap prioritization, run chaos/resilience experiments on Docker/K8s, guide TDD workflows, benchmark performance, enforce git/CI quality gates, detect flakiness/security issues, and produce reports.
Invoke /cyber-neo on any local project path to scan for vulnerabilities across SAST, SCA dependency CVEs, leaked secrets, auth/crypto flaws, misconfigurations, supply chain risks, and CI/CD issues, covering OWASP 2025 Top 10 and CWE Top 25. Obtain prioritized reports with remediation guidance to secure your codebase quickly.
Run multi-layered security scans on codebases and infrastructure: detect CVEs with exact upgrade commands, analyze HTTP headers with risk scoring, audit supply chain risks in JS/Python/Rust/Go packages, and run Semgrep static analysis with graph-based exposure prioritization — all with a penetration-testing agent to validate and document findings.
Diagnose your repository's support for AI coding agents with checks on findability, instruction quality, and continuity, then bootstrap it with CI/CD workflows, git hooks, and agent templates like CLAUDE.md.
Plan, implement, and verify complex tasks using a pipeline that generates bulletproof plans, enforces TDD, and validates results with independent verification agents. Also audits code quality and documentation freshness.
Perform AI-powered whitebox penetration testing on polyglot monorepos across 9 languages: scan code with Semgrep/CodeQL/Joern, conduct STRIDE threat modeling, trace data flows to sinks, verify findings with agents, generate SARIF reports, and auto-apply fixes via commands.
Run proactive bug analysis on the current branch using static and semantic analysis tools, then synthesize results into an actionable bug report with incremental analysis support across commits.
Reference 735 practical cybersecurity skills in Chinese to detect threats, perform pentests, analyze malware, hunt adversaries, harden systems, and respond to incidents across web, cloud, mobile, OT/ICS using Python/Bash/PowerShell scripts and tools.
Run comprehensive multi-dimensional code reviews across architecture, security, performance, and best practices, generating structured reports and enhanced PR descriptions from git changes.
Run comprehensive code quality and security audits for Drupal and Next.js projects, including static analysis, linting, test coverage, SOLID/DRY checks, and multi-layer security scanning with Semgrep, Trivy, and Gitleaks. Auto-detects project type, generates prioritized reports, and supports TDD workflows.
Generate comprehensive code documentation including API docs, architecture guides, tutorials, and ebooks from codebase analysis, with AI-powered code review for security and performance.
Integrate Codacy code quality and security analysis into your Claude Code workflow: run local static analysis, query issues and findings, enrich pull request reviews, configure project settings, and set up test coverage reporting.
Automate the full Git pull request lifecycle: analyze changes, generate PR descriptions, enforce code quality gates, and produce commit flows with configurable flags for skipping tests, drafts, squash merges, or trunk-based releases. Also provides onboarding plan generation and AI-powered code review with security and performance scanning.
Run comprehensive application security assessments inside Claude Code across 8 threat modeling frameworks (OWASP Top 10, STRIDE, PASTA, LINDDUN, MITRE ATT&CK, SANS/CWE, DREAD, OWASP API Top 10) with automated source code scanning, red team simulation using 6 attacker personas, and interactive security education directly on your codebase.
Orchestrates AI-driven multi-agent development workflow across multi-repo projects, from story refinement and requirements analysis to code implementation, review, testing, and PR creation, with automated guardrails and human approval gates.
Run deep tests, static analyses, security audits, and code reviews on Claude skills. Initialize sessions with skill paths or SKILL.md files, execute full pipelines capturing runtime I/O and API traces, resume interrupted runs, regenerate HTML reports, and get scored reviews of scripts, prompts, and security findings.