← 返回 Skills 市场
Semgrep
作者
Vlad Ursul
· GitHub ↗
· v1.0.2
· MIT-0
304
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install semgrep
功能描述
Semgrep integration. Manage Rules, Scans. Use when the user wants to interact with Semgrep data.
安全使用建议
This skill uses the Membrane service and its CLI to act on Semgrep data. Before installing or following the instructions: (1) recognize you'll need to install a third-party npm package globally (@membranehq/cli) and authenticate via Membrane — review that package's origin and permissions; (2) actions and proxy requests will send data (scan details, repository info, possibly findings and secrets) through Membrane's servers, so ensure you trust Membrane's privacy and access policies before granting access; (3) if you prefer not to route data through a third party, consider using the official Semgrep CLI/API directly instead.
功能分析
Type: OpenClaw Skill
Name: semgrep
Version: 1.0.2
The skill provides a standard integration for Semgrep using the Membrane CLI. It includes instructions for authentication, searching for actions, and executing scans or retrieving findings (including secrets) via the 'membrane' command-line tool. All described behaviors, including network access and CLI usage, are directly aligned with the stated purpose of managing Semgrep data and do not exhibit malicious intent or unauthorized data exfiltration.
能力评估
Purpose & Capability
The skill claims to integrate with Semgrep and all runtime instructions focus on using the Membrane CLI to list connections, run actions, and proxy API calls to Semgrep. Requesting a Membrane account and network access aligns with this purpose; no unrelated credentials or binaries are requested.
Instruction Scope
Instructions are limited to installing the Membrane CLI, logging in, creating connections, listing actions, running actions, and optionally proxying raw API requests via Membrane. The proxy behavior means requests and (potentially) repository/scan data will flow through Membrane's service — this is consistent with the stated design but is a privacy/third-party-data-flow consideration rather than a scope violation.
Install Mechanism
There is no automated install spec in the registry; the SKILL.md instructs the user to run 'npm install -g @membranehq/cli'. That is a normal way to obtain the Membrane CLI but does require installing a third-party npm package globally (moderate risk if you don't trust the package source).
Credentials
The skill declares no environment variables or local config access. It relies on Membrane to manage authentication server-side, which is proportional to its design. The lack of requested local secrets is appropriate.
Persistence & Privilege
The skill is instruction-only, has no install-time persistence, and 'always' is false. It does not request elevated platform privileges or modify other skills/configuration.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install semgrep - 安装完成后,直接呼叫该 Skill 的名称或使用
/semgrep触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Revert refresh marker
v1.0.1
Refresh update marker
v1.0.0
Auto sync from membranedev/application-skills
元数据
常见问题
Semgrep 是什么?
Semgrep integration. Manage Rules, Scans. Use when the user wants to interact with Semgrep data. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 304 次。
如何安装 Semgrep?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install semgrep」即可一键安装,无需额外配置。
Semgrep 是免费的吗?
是的,Semgrep 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Semgrep 支持哪些平台?
Semgrep 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Semgrep?
由 Vlad Ursul(@gora050)开发并维护,当前版本 v1.0.2。
推荐 Skills