Which programming languages are supported?

It supports over 40 languages, including JavaScript, TypeScript, Python, Go, Rust, Java, C++, Ruby, and many more.

Can I use this for security audits?

Yes, it includes specialized rules for detecting vulnerabilities like SQL injection, XSS, and insecure API usage through structural analysis.

What is the difference between AST-based search and regex?

Regex matches text patterns, while AST-based search understands code syntax, allowing it to find nested calls or specific logic regardless of formatting or whitespace.

How does it simplify large-scale refactoring?

It allows you to define a search pattern and a replacement template. The tool ensures variables captured in the search are correctly mapped to the replacement, preserving code logic.

Is it possible to integrate this into a CI/CD pipeline?

Absolutely. It can output results in JSON format, making it ideal for automated security gates and quality checks in your deployment workflows.

MoAI AST-Grep Code Intelligence

Name: MoAI AST-Grep Code Intelligence
Author: zellycloud

byzellycloud

0•

Security & Testing

Performs structural code search, security scanning, and semantic refactoring using Abstract Syntax Tree analysis across 40+ languages.

This skill integrates the powerful ast-grep (sg) tool into Claude's environment, enabling semantic code analysis that far surpasses traditional regex-based searches. It allows developers to identify and transform complex code patterns—such as nested function calls, specific API usages, or architectural violations—with high precision. By leveraging a robust YAML-based rule engine, it provides an automated framework for enforcing security standards, conducting large-scale migrations, and maintaining high code quality across diverse polyglot codebases.

Key Features

01Security scanning for vulnerability patterns like SQL injection and XSS

02YAML-based rule engine for custom linting and architectural enforcement

03Relational search rules to find patterns based on surrounding code context

04Structural pattern matching using meta-variables and variadic arguments

05Automated code refactoring with semantic awareness across 40+ languages

060 GitHub stars

Use Cases

01Executing large-scale API migrations, such as converting Axios to Fetch across a project

02Automating security audits by scanning for insecure coding patterns in CI/CD

03Enforcing domain-specific coding standards that standard linters cannot detect

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add zellycloud/zyflow moai-tool-ast-grep

For use in Claude.ai and ChatGPT

Download Skill