What This Skill Does
Takes an existing Semgrep rule and ports it to one or more target languages. For each language, it runs applicability analysis, writes test cases first, translates the rule syntax to match the target language's AST and idioms, then validates until all tests pass. It outputs an independent rule and test file directory per language.
Manually porting Semgrep rules across languages means guessing at AST structure and idioms — this skill dumps the actual AST, validates applicability per language, and enforces test-first so errors surface early rather than after writing five broken variants.
When to use it
- Porting a Python SQL injection rule to Go and Java for a polyglot backend
- Translating a JavaScript prototype pollution rule to TypeScript
- Expanding security rule coverage after adding a new language to a monorepo
- Creating per-language test files for a vulnerability pattern with different library APIs
- Checking whether a C rule's vulnerability class applies to Rust before attempting a port
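To make the first use case concrete, here is an added example (not output from the skill or code from its project) of a Python SQL injection rule next to a Go port of the same vulnerability class. The rule ids, messages, patterns and the test lines in the comments are illustrative assumptions; the two rules share one file only for side-by-side reading, whereas the skill writes a separate directory per language.

```yaml
# Constructed example: one vulnerability class, two language-specific rules.
rules:
  # Source rule: a Python DB-API execute() call whose query string is
  # assembled with %, str.format() or concatenation.
  - id: python-sql-string-built-query
    languages: [python]
    severity: ERROR
    message: "SQL query built by string formatting; pass parameters to execute() instead."
    pattern-either:
      - pattern: $CUR.execute("..." % $ARGS, ...)
      - pattern: $CUR.execute("...".format(...), ...)
      - pattern: $CUR.execute("..." + $X, ...)

  # Go port. Neither the sink nor the string-building idiom carries over:
  # database/sql exposes Query/QueryRow/Exec rather than execute(), and
  # formatting goes through fmt.Sprintf, so the patterns are rewritten
  # against what the Go AST actually contains instead of being copied.
  - id: go-sql-string-built-query
    languages: [go]
    severity: ERROR
    message: "SQL query built with fmt.Sprintf or concatenation; use placeholders and pass arguments separately."
    patterns:
      - pattern-either:
          - pattern: $DB.$METHOD(fmt.Sprintf("...", ...), ...)
          - pattern: $DB.$METHOD("..." + $X, ...)
      - metavariable-regex:
          metavariable: $METHOD
          regex: ^(Query|QueryRow|Exec)$

# Test-first: the Go test file is written before the rule above, using
# Semgrep's test annotations in Go comment syntax (constructed lines):
#
#   // ruleid: go-sql-string-built-query
#   db.Query(fmt.Sprintf("SELECT id FROM users WHERE name = '%s'", name))
#
#   // ok: go-sql-string-built-query
#   db.Query("SELECT id FROM users WHERE name = ?", name)
#
# The port counts as done only when every ruleid line is flagged and no
# ok line is.
```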