{"id":"56cf4d6d-7a3f-4e8c-8a0e-b288108b0f63","shortId":"zmrbhC","kind":"skill","title":"Semgrep Security Review Agent","tagline":"Performs SAST scanning using Semgrep CLI and Semgrep Registry rules. Detects OWASP Top 10 vulnerabilities, injection flaws, and insecure patterns with custom rule YAML authoring.","description":"# Semgrep Security Review Agent\n\nPerforms SAST scanning using Semgrep CLI and Semgrep Registry rules. Detects OWASP Top 10 vulnerabilities, injection flaws, and insecure patterns with custom rule YAML authoring.\n\n## Installation\n\nUse the upstream install or setup path that matches your environment:\n- $ brew install semgrep\n- $ docker run -it -v \"${PWD}:/src\" semgrep/semgrep semgrep login\n- $ docker run -e SEMGREP_APP_TOKEN=<TOKEN> --rm -v \"${PWD}:/src\" semgrep/semgrep semgrep ci\n- $ brew upgrade semgrep\n\nBasic usage or getting-started notes:\n- Semgrep is a fast, open-source, static analysis tool that searches code, finds bugs, and enforces secure guardrails and coding standards. 
Semgrep [supports 30+ languages](#language-support) and can run in an IDE, as a...\n- [From the Semgrep AppSec Platform](#option-1-getting-started-from-the-semgrep-appsec-platform-recommended)\n- [From the CLI](#option-2-getting-started-from-the-cli)\n\n- Source: https://github.com/semgrep/semgrep\n- Extracted from upstream docs: https://raw.githubusercontent.com/semgrep/semgrep/HEAD/README.md\n\n## Source\n\n- [Agent Skill Exchange](https://agentskillexchange.com/skills/semgrep-security-review-agent/)","tags":["semgrep","security","review","agent","skills","agentskillexchange","agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex"],"capabilities":["skill","source-agentskillexchange","skill-semgrep-security-review-agent","topic-agent-skills","topic-ai-agents","topic-ai-tools","topic-awesome-list","topic-claude-code","topic-codex","topic-cursor","topic-llm","topic-mcp","topic-npx-skills","topic-openclaw","topic-skills-catalog"],"categories":["skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/agentskillexchange/skills/semgrep-security-review-agent","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add agentskillexchange/skills","source_repo":"https://github.com/agentskillexchange/skills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (1,505 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:12:25.610Z","embedding":null,"createdAt":"2026-05-18T13:19:19.742Z","updatedAt":"2026-05-18T19:12:25.610Z","lastSeenAt":"2026-05-18T19:12:25.610Z",
"prices":[{"id":"d41fd071-436e-4bd1-972e-278c5370faf2","listingId":"56cf4d6d-7a3f-4e8c-8a0e-b288108b0f63","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"agentskillexchange","category":"skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:19:19.742Z"}],"sources":[{"listingId":"56cf4d6d-7a3f-4e8c-8a0e-b288108b0f63","source":"github","sourceId":"agentskillexchange/skills/semgrep-security-review-agent","sourceUrl":"https://github.com/agentskillexchange/skills/tree/main/skills/semgrep-security-review-agent","isPrimary":false,"firstSeenAt":"2026-05-18T13:19:19.742Z","lastSeenAt":"2026-05-18T19:12:25.610Z"}],"details":{"listingId":"56cf4d6d-7a3f-4e8c-8a0e-b288108b0f63","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"agentskillexchange","slug":"semgrep-security-review-agent","github":{"repo":"agentskillexchange/skills","stars":8,"topics":["agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex","cursor","llm","mcp","npx-skills","openclaw","skills-catalog"],"license":"mit","html_url":"https://github.com/agentskillexchange/skills","pushed_at":"2026-05-18T19:02:17Z","description":"The open catalog of AI agent skills — 2,000+ security-scanned skills for Claude Code, Cursor, Codex, and more.","skill_md_sha":"e873482a0872dfd8c5e642560c8ebc0e761ac34e","skill_md_path":"skills/semgrep-security-review-agent/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/agentskillexchange/skills/tree/main/skills/semgrep-security-review-agent"},"layout":"multi","source":"github","category":"skills","frontmatter":{"name":"Semgrep Security Review Agent","description":"Performs SAST scanning using Semgrep CLI and Semgrep Registry rules. 
Detects OWASP Top 10 vulnerabilities, injection flaws, and insecure patterns with custom rule YAML authoring."},"skills_sh_url":"https://skills.sh/agentskillexchange/skills/semgrep-security-review-agent"},"updatedAt":"2026-05-18T19:12:25.610Z"}}