Plugins listed here are tagged for this technology stack and auto-indexed from public GitHub repositories.
Claude Code plugins tagged for Semgrep development. Browse commands, agents, skills, and more.
Automatically generate API docs, user guides, tutorials, and architecture diagrams from code analysis, while also performing code review and security vulnerability detection.
Refactors and modernizes legacy codebases by detecting code smells, SOLID violations, and technical debt, generating prioritized remediation plans with cost estimates, while preserving project context for safe incremental migrations.
Enforce strict red-green-refactor TDD cycles: generate failing tests, implement minimal passing code, then refactor while keeping tests green. Includes AI-powered code review for security and quality.
Create and validate custom Semgrep rules for detecting security vulnerabilities, bugs, code patterns, and standards using test-first methodology, conversation context for patterns and languages, plus taint mode support.
Discover similar bugs and vulnerabilities across your codebase by generalizing patterns from an initial issue using ripgrep, Semgrep, and CodeQL for iterative, pattern-based analysis via skills or commands.
Port existing Semgrep rules to target languages by generating YAML rule files and annotated tests, with applicability analysis and test-driven validation to expand coverage in polyglot codebases.
Orchestrate a fleet of 11 AI-powered QE agents to automate comprehensive quality engineering: generate unit/integration/E2E tests for Jest/Vitest/Playwright/Pytest, perform sublinear coverage analysis and gap prioritization, run chaos/resilience experiments on Docker/K8s, guide TDD workflows, benchmark performance, enforce git/CI quality gates, detect flakiness/security issues, and produce reports.
Invoke /cyber-neo on any local project path to scan for vulnerabilities across SAST, SCA dependency CVEs, leaked secrets, auth/crypto flaws, misconfigurations, supply chain risks, and CI/CD issues, covering OWASP 2025 Top 10 and CWE Top 25. Obtain prioritized reports with remediation guidance to secure your codebase quickly.
Run security audits on projects: dependency CVE scanning with auto-fix, supply-chain risk analysis across JS/Python/Rust/Go, HTTP header grading with remediation commands, and Semgrep static analysis combined with graph-based exposure prioritization. Includes penetration testing and full codebase/infrastructure audit agents, plus hooks that block dangerous tool calls until validated by a Node script.
Diagnose your repository's support for AI coding agents with checks on findability, instruction quality, and continuity, then bootstrap it with CI/CD workflows, git hooks, and agent templates like CLAUDE.md.
Perform AI-powered whitebox penetration testing on polyglot monorepos across 9 languages: scan code with Semgrep/CodeQL/Joern, conduct STRIDE threat modeling, trace data flows to sinks, verify findings with agents, generate SARIF reports, and auto-apply fixes via commands.
Execute a multi-stage planning and verification pipeline that turns any task description into an actionable plan, implements it with strict TDD cycles, and independently verifies results before approving completion. Reduces hallucination and regressions through automated codebase exploration, reality-checking of claims, and quality scoring.
Run proactive bug analysis on the current branch using static and semantic analysis tools, then synthesize results into an actionable bug report with incremental analysis support across commits.
Reference 735 practical cybersecurity skills in Chinese to detect threats, perform pentests, analyze malware, hunt adversaries, harden systems, and respond to incidents across web, cloud, mobile, OT/ICS using Python/Bash/PowerShell scripts and tools.
Run comprehensive multi-dimensional code reviews across architecture, security, performance, and best practices, generating structured reports and enhanced PR descriptions from git changes.
Automated code quality and security auditing for Drupal (PHP) and Next.js (JavaScript/TypeScript) projects. Runs comprehensive linting, static analysis, security scans, SOLID/DRY checks, test coverage, and TDD workflow with multi-agent debates for balanced improvements.
Generate comprehensive code documentation including API docs, architecture guides, tutorials, and ebooks from codebase analysis, with AI-powered code review for security and performance.
Automate the full Git pull request lifecycle: analyze changes, generate PR descriptions, enforce code quality gates, and produce commit flows with configurable flags for skipping tests, drafts, squash merges, or trunk-based releases. Also provides onboarding plan generation and AI-powered code review with security and performance scanning.
Run comprehensive application security audits using 8 threat modeling frameworks (OWASP Top 10, STRIDE, PASTA, LINDDUN, MITRE ATT&CK, SANS/CWE Top 25, DREAD, OWASP API Top 10), simulate red team attacks with 6 attacker personas, and generate prioritized remediation plans with verified fixes.
Orchestrates AI-driven multi-agent development workflow across multi-repo projects, from story refinement and requirements analysis to code implementation, review, testing, and PR creation, with automated guardrails and human approval gates.
Run deep tests, static analyses, security audits, and code reviews on Claude skills. Initialize sessions with skill paths or SKILL.md files, execute full pipelines capturing runtime I/O and API traces, resume interrupted runs, regenerate HTML reports, and get scored reviews of scripts, prompts, and security findings.