How are the scan results presented?

Results are provided in a structured format (JSON or standard output) that identifies the file, line number, severity level, specific CWE/OWASP category, and a recommended fix.

Do I need Semgrep installed to use this skill?

Yes, SAST Runner acts as a wrapper for Semgrep. You must have Semgrep installed on your system via pip, Homebrew, or Docker for the skill to function.

Can I target specific security standards like OWASP?

Yes, you can use the --config flag to select specific rulesets such as 'owasp-top-ten', 'cwe-top-25', or 'security-audit' for targeted testing.

What kind of vulnerabilities can this skill detect?

The tool detects common security flaws including SQL Injection, Cross-site Scripting (XSS), OS Command Injection, Path Traversal, and exposure of sensitive information.

What programming languages does the SAST Runner support?

It supports a wide variety of languages including JavaScript, TypeScript, Python, Go, Java, Ruby, PHP, C, C++, Rust, Kotlin, and Swift.

SAST Security Runner

Name: SAST Security Runner
Author: naporin0624

bynaporin0624

•

Security & Testing

Automates static application security testing using Semgrep to identify vulnerabilities, security anti-patterns, and OWASP Top 10 issues.

SAST Runner is a specialized security tool that integrates the power of Semgrep into the Claude Code environment, enabling developers to perform comprehensive static analysis on their source code. It scans for a wide range of security risks, including OWASP Top 10 vulnerabilities and CWE Top 25 threats, across dozens of programming languages. This skill is essential for maintaining code integrity, identifying injection flaws, and ensuring compliance with modern security standards throughout the development lifecycle, providing actionable feedback and remediation guidance directly within the terminal.

Key Features

012 GitHub stars

02Support for 15+ languages including JavaScript, Python, Go, and Java

03Customizable scan configurations for tailored security audits

04Detailed JSON output with line-specific findings and fix suggestions

05Pre-configured rulesets for OWASP Top 10 and CWE Top 25

06Automated vulnerability scanning powered by Semgrep

Use Cases

01Auditing legacy projects for security anti-patterns and sensitive information exposure

02Automating security compliance checks against standard industry frameworks

03Scanning a new codebase for SQL injection and XSS vulnerabilities before deployment

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add naporin0624/claude-web-audit-plugins sast-runner

For use in Claude.ai and ChatGPT

Download Skill