KimYx0207

Claude Code security scanning Skill: scan for vulnerabilities just by saying a sentence in Chinese, based on Semgrep | Security scanning skill for Claude Code, powered by Semgrep

89% credibility
Found Feb 25, 2026 at 10 stars
AI Analysis
PowerShell
AI Summary

This project adds a natural language-triggered code security scanning feature to Claude Code using everyday phrases to detect vulnerabilities and secrets.

How It Works

1. 🔍 Discover the Safety Scanner

You find a helpful tool on GitHub that lets you easily check your code for security problems right inside your AI coding assistant.

2. 📥 Grab the Setup Helper

You download the simple one-click setup file to add this safety feature to your AI assistant.

3. ⚙️ Run the Easy Setup

With one command, it automatically prepares everything you need, checking and adding the scanning ability without any hassle.

4. 💻 Open Your Project

You go back to your AI coding assistant with your code project ready.

5. 🗣️ Ask in Plain Words

Just say something simple like 'scan for vulnerabilities' or 'check for safety issues,' and it starts working instantly.

6. 📊 Get Your Report

You receive a clear summary of any problems found, sorted by how serious they are, with easy fix ideas.

Safer Code Achieved

Your project is now more secure, and you feel confident continuing your work with peace of mind.

AI-Generated Review

What is SkillSemgrep?

SkillSemgrep brings Semgrep-powered code security scanning directly into Claude Code as a natural language skill. Developers say phrases like "安全扫描一下这个项目" or "/code-security" to trigger scans for OWASP Top 10 vulnerabilities, secret leaks, and issues in Python, JavaScript, Go, and more—getting structured reports with fix suggestions. Written in PowerShell with bash support, it auto-installs Semgrep and sets up global or project-level use via a one-click script, solving the hassle of manual CLI scans in Claude Code agents.

Why is it gaining traction?

It stands out by embedding Claude Code security into your workflow without Claude Code pricing barriers or enterprise limits, unlike Claude Code vs Codex or paid tools: free, fast rule-based detection beats waiting for AI analysis. The hook is an effortless Claude Code install: natural Chinese/English triggers, hot-reloading skills, and modes like OWASP audits or secret scans, perfect for Claude GitHub PR review or Claude GitHub integration in Actions. No commands to memorize, just speak and get prioritized reports.

Who should use this?

Backend devs building Python/Go APIs who need quick secret leak checks before commits. Frontend teams scanning JS/TS for upload flaws during Claude GitHub Copilot sessions. Security-conscious solo devs or small teams using Claude Code web for private repos, wanting free Claude Code alternatives to manual Semgrep runs in Claude GitHub plugin flows.

Verdict

Worth a 5-minute Claude Code Max test for Claude Code users: solid docs and easy setup make it usable now, despite 10 stars and 0.9% credibility signaling early maturity. Skip if you need zero-day AI detection; otherwise, it's a practical free boost for routine scans.
