← Back to Skills Marketplace
Semgrep
by
Vlad Ursul
· GitHub ↗
· v1.0.2
· MIT-0
304
Downloads
0
Stars
1
Active Installs
3
Versions
Install in OpenClaw
/install semgrep
Description
Semgrep integration. Manage Rules, Scans. Use when the user wants to interact with Semgrep data.
Usage Guidance
This skill uses the Membrane service and its CLI to act on Semgrep data. Before installing or following the instructions: (1) recognize you'll need to install a third-party npm package globally (@membranehq/cli) and authenticate via Membrane — review that package's origin and permissions; (2) actions and proxy requests will send data (scan details, repository info, possibly findings and secrets) through Membrane's servers, so ensure you trust Membrane's privacy and access policies before granting access; (3) if you prefer not to route data through a third party, consider using the official Semgrep CLI/API directly instead.
Capability Analysis
Type: OpenClaw Skill
Name: semgrep
Version: 1.0.2
The skill provides a standard integration for Semgrep using the Membrane CLI. It includes instructions for authentication, searching for actions, and executing scans or retrieving findings (including secrets) via the 'membrane' command-line tool. All described behaviors, including network access and CLI usage, are directly aligned with the stated purpose of managing Semgrep data and do not exhibit malicious intent or unauthorized data exfiltration.
Capability Assessment
Purpose & Capability
The skill claims to integrate with Semgrep and all runtime instructions focus on using the Membrane CLI to list connections, run actions, and proxy API calls to Semgrep. Requesting a Membrane account and network access aligns with this purpose; no unrelated credentials or binaries are requested.
Instruction Scope
Instructions are limited to installing the Membrane CLI, logging in, creating connections, listing actions, running actions, and optionally proxying raw API requests via Membrane. The proxy behavior means requests and (potentially) repository/scan data will flow through Membrane's service — this is consistent with the stated design but is a privacy/third-party-data-flow consideration rather than a scope violation.
Install Mechanism
There is no automated install spec in the registry; the SKILL.md instructs the user to run 'npm install -g @membranehq/cli'. That is a normal way to obtain the Membrane CLI but does require installing a third-party npm package globally (moderate risk if you don't trust the package source).
Credentials
The skill declares no environment variables or local config access. It relies on Membrane to manage authentication server-side, which is proportional to its design. The lack of requested local secrets is appropriate.
Persistence & Privilege
The skill is instruction-only, has no install-time persistence, and 'always' is false. It does not request elevated platform privileges or modify other skills/configuration.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install semgrep - After installation, invoke the skill by name or use
/semgrep - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Revert refresh marker
v1.0.1
Refresh update marker
v1.0.0
Auto sync from membranedev/application-skills
Metadata
Frequently Asked Questions
What is Semgrep?
Semgrep integration. Manage Rules, Scans. Use when the user wants to interact with Semgrep data. It is an AI Agent Skill for Claude Code / OpenClaw, with 304 downloads so far.
How do I install Semgrep?
Run "/install semgrep" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Semgrep free?
Yes, Semgrep is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Semgrep support?
Semgrep is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Semgrep?
It is built and maintained by Vlad Ursul (@gora050); the current version is v1.0.2.
More Skills