Plugins listed here are tagged for this technology stack and auto-indexed from public GitHub repositories.
Claude Code plugins tagged for Semgrep development. Browse commands, agents, skills, and more.
Create and validate custom Semgrep rules for detecting security vulnerabilities, bugs, code patterns, and standards using test-first methodology, conversation context for patterns and languages, plus taint mode support.
Discover similar bugs and vulnerabilities across your codebase by generalizing patterns from an initial issue using ripgrep, Semgrep, and CodeQL for iterative, pattern-based analysis via skills or commands.
Port existing Semgrep rules to target languages by generating YAML rule files and annotated tests, with applicability analysis and test-driven validation to expand coverage in polyglot codebases.
Orchestrate persistent multi-session AI coding workflows: track git-backed tasks via beads CLI, compound knowledge from learnings/patterns/research via flywheel, enforce RPI (research-plan-implement-vibe-postmortem) gates with ratchets, automate epic execution with subagents, validate code quality/security/docs.
Orchestrate a fleet of 11 AI-powered QE agents to automate comprehensive quality engineering: generate unit/integration/E2E tests for Jest/Vitest/Playwright/Pytest, perform sublinear coverage analysis and gap prioritization, run chaos/resilience experiments on Docker/K8s, guide TDD workflows, benchmark performance, enforce git/CI quality gates, detect flakiness/security issues, and produce reports.
Equip AI agents with Starknet skills to autonomously handle wallet creation and management; DeFi swaps and staking; Cairo contract authoring, deployment, and auditing; cross-chain bridging; privacy payments; and network operations.
Invoke /cyber-neo on any local project path to scan for vulnerabilities across SAST, SCA dependency CVEs, leaked secrets, auth/crypto flaws, misconfigurations, supply chain risks, and CI/CD issues, covering OWASP 2025 Top 10 and CWE Top 25. Obtain prioritized reports with remediation guidance to secure your codebase quickly.
Orchestrate secure, TDD-driven coding workflows in Claude Code using rune:cook for features/bugs/refactors, rune:team for parallel multi-agent tasks across git worktrees, rune:launch for tested deployments to Vercel/Netlify/AWS, and rune:rescue for incremental legacy modernization—with auto-firing preflight gates, quarantine for untrusted data, completion verification, and mesh analytics ensuring quality and safety.
Run automated security audits on codebases, dependencies, infrastructure, and web apps: detect CVEs with upgrade commands and auto-fixes, perform Semgrep scans and supply chain risk analysis for JS/Python/Rust/Go packages, evaluate HTTP headers, generate project security configs, guard sensitive files, and leverage agents for pentesting and prioritized remediations with reports.
Perform security scans on code and containers with Semgrep and Trivy, automate browser testing and debugging via Playwright and CDP, manage GitHub repos and issues, generate shadcn/ui components for React/Tailwind projects, integrate Backlog tasks, and triage fixes with AI—all through local MCP servers for spec-driven workflows.
Perform AI-powered whitebox penetration testing on polyglot monorepos across 9 languages: scan code with Semgrep/CodeQL/Joern, conduct STRIDE threat modeling, trace data flows to sinks, verify findings with agents, generate SARIF reports, and auto-apply fixes via commands.
Audit repository compatibility with AI coding agents via diagnostics on findability, instruction quality, workability, continuity, safety, and harness setup. Bootstrap git repos with universal CI/CD workflows (gitleaks, semgrep, trivy), language-specific checks (Python/TypeScript/Node), git hooks, and agent templates like CLAUDE.md.
Generate bulletproof TDD plans for complex tasks from any input, execute them via RED-GREEN-REFACTOR cycles with independent verification agents, audit codebase health using static tools, simplify code without regressions, and maintain fresh project docs. Handles TS/JS/Python/Go/Rust projects via full pipeline: init, plan, execute, verify.
Automate full code quality audits, security vulnerability scans, SOLID/DRY principle checks, test coverage analysis, and TDD workflows for Drupal and Next.js projects. Auto-detects project type, installs/configures tools like PHPStan, ESLint, Jest, Semgrep, generates prioritized JSON/Markdown reports in .reports/, sets up git hooks, and runs multi-agent debates on architecture and security findings.
Reference 735 practical cybersecurity skills in Chinese to detect threats, perform pentests, analyze malware, hunt adversaries, harden systems, and respond to incidents across web, cloud, mobile, OT/ICS using Python/Bash/PowerShell scripts and tools.
Orchestrate multi-agent code reviews on git changes or codebases, covering architecture, security, quality, performance, and best practices. Generate PR descriptions with stats, impacts, and categories; produce metrics, prioritized findings, and remediation guidance with framework-specific focus.
Automate GitHub PR quality gates and lifecycle management: monitor PRs for CI status, run security scans, code quality checks, performance benchmarks, test coverage, and review compliance; auto-rebase, fix issues, categorize comments, and create structured GitHub issues for findings.
Orchestrate AI-powered dev pipelines that audit repos, generate PRDs/issues, build/test vertical slices in git worktrees with TDD/QA/security, review code, and deploy full-stack apps using 37 specialist skills, agents, and multi-tool static analysis.
Trigger parallel specialist subagents for multi-angle code reviews on architecture, security, performance, concurrency, blockchain, functional programming, types, AI apps; diagnose pre-implementation gaps in requirements, system design, cognitive reasoning; decompose tasks into actionable slices to accelerate development workflows.
Run deep tests, static analyses, security audits, and code reviews on Claude skills. Initialize sessions with skill paths or SKILL.md files, execute full pipelines capturing runtime I/O and API traces, resume interrupted runs, regenerate HTML reports, and get scored reviews of scripts, prompts, and security findings.
Perform comprehensive application security audits: threat model codebases with STRIDE, PASTA, LINDDUN, OWASP Top 10; scan vulnerabilities using semgrep, gitleaks across code, configs, deps; simulate red team attacks with 6 personas; generate fixes, Mermaid diagrams, reports, and interactive tutorials.
Automate Git workflows including PR review processing into fix commits, merge conflict resolution with type checks, explanatory PR creation; perform precision code reviews for bugs/quality issues; run multi-language security scans with fix proposals; manage Linear tasks via API.
Automate full PDLC workflows in Claude Code using phase-aware skill routing that dispatches tasks to specialist agents for discovery, multi-variant design debates, parallel implementation, spec drift detection, security scans, deployment checklists, runtime validations, incident investigations, and state recovery with guardrails.
Orchestrate multi-agent swarms to automate full SDLC pipelines in Claude Code: decompose tasks into stories, execute parallel DESIGN→TEST→DEV→VERIFY→DOCS stages across git worktrees, implement TDD fixes for builds/lints/tests, triage static analysis/security scans, generate docs/tests, optimize performance, debug issues, and merge changes for JS/TS/Go/Python projects.