ReddRadar
Agent skill
Static Analysis Tools Skill
Integration with security-focused static analysis tools
Install this agent skill to your Project
npx add-skill https://github.com/a5c-ai/babysitter/tree/main/library/specializations/security-research/skills/static-analysis-tools
SKILL.md
Static Analysis Tools Skill
Overview
This skill provides integration with security-focused static analysis tools for comprehensive code security analysis.
Capabilities
- Execute Semgrep rules and custom patterns
- Run CodeQL queries for vulnerability detection
- Execute Bandit (Python), Brakeman (Ruby), etc.
- Parse and interpret static analysis results
- Generate custom detection rules
- Aggregate findings across tools
- Map findings to CWE/CVE identifiers
- Support SAST pipeline integration
Target Processes
- static-code-analysis.js
- variant-analysis.js
- web-app-vuln-research.js
- api-security-research.js
Dependencies
- Semgrep CLI
- CodeQL CLI and databases
- Language-specific analyzers:
- Bandit (Python)
- Brakeman (Ruby)
- gosec (Go)
- SpotBugs (Java)
- Python for result aggregation
Usage Context
This skill is essential for:
- Security code review automation
- Vulnerability pattern detection
- Custom security rule development
- CI/CD security gate integration
- Variant analysis across codebases
Integration Notes
- Supports multiple output formats (SARIF, JSON, custom)
- Can run incrementally on changed files
- Integrates with IDE and CI/CD workflows
- Custom rules can be version controlled
- Results can be deduplicated and triaged
Recommended Agent Skills
Expand your agent's capabilities with these related and highly-rated skills.
a5c-ai/babysitter
gsd-tools
Central utility skill for GSD operations. Provides config parsing, slug generation, timestamps, path operations, and orchestrates calls to other specialized skills. Acts as the unified entry point that the original gsd-tools.cjs provided via its lib/ modules (commands, config, core, init).
a5c-ai/babysitter
model-profile-resolution
Resolve model profile (quality/balanced/budget) at orchestration start and map agents to specific models. Enables cost/quality tradeoffs by selecting appropriate AI models for each agent role.
a5c-ai/babysitter
verification-suite
Plan structure validation, phase completeness checks, reference integrity verification, and artifact existence confirmation. Provides the structured verification layer ensuring GSD artifacts are well-formed and complete.
a5c-ai/babysitter
state-management
STATE.md reading, writing, and field-level updates. Provides cross-session state persistence via .planning/STATE.md with structured fields for current task, completed phases, blockers, decisions, and quick tasks.
a5c-ai/babysitter
git-integration
Git commit patterns, formats, and conventions for GSD methodology. Provides atomic commits per task, structured commit messages, planning file commits, branch management, and milestone tag operations.
a5c-ai/babysitter
frontmatter-parsing
YAML frontmatter parsing and manipulation for .planning/ documents. Provides read, write, update, query, and validation operations on frontmatter blocks in GSD markdown artifacts.
Didn't find tool you were looking for?