Semgrep is a well-rated Claude Code skill (quality score 85/100) in the appsec-tools sub-category. It ships as a SKILL.md file that Claude Code auto-discovers under ~/.claude/skills/semgrep/ and loads when your prompt matches the skill's trigger.
When to invoke it: Use when asked to scan code for vulnerabilities, run a security audit with Semgrep, find bugs, or perform static analysis. Spawns parallel workers for multi-language codebases.
The Semgrep skill is built for security engineers, penetration testers, DevSecOps practitioners, and development teams hardening codebases and infrastructure. It is part of the open ClaudSkills registry, a community-curated catalog of 15,000+ capabilities you can install for Claude Code — the Claude CLI agent.
mkdir -p ~/.claude/skills/semgrep
curl -L https://claudskills.com/skills/semgrep/SKILL.md \
  -o ~/.claude/skills/semgrep/SKILL.md
Or just download SKILL.md directly and drop it into ~/.claude/skills/semgrep/. Claude Code auto-discovers it on next session.
Skills live at ~/.claude/skills/semgrep/SKILL.md on macOS/Linux, or %USERPROFILE%\.claude\skills\semgrep\SKILL.md on Windows. See the full install guide for step-by-step instructions.
The ClaudSkills desktop app installs any skill directly into ~/.claude/skills/ with one click — no terminal required. Pro starts at $9/mo or $149 lifetime.