CodeQL

Scans a codebase for security vulnerabilities using CodeQL's interprocedural data flow and taint tracking analysis. Triggers on "run codeql", "codeql scan", "codeql analysis", "build codeql database", or "find vulnerabilities with codeql". Supports "run all" (security-and-quality + security-experimental suites) and "im

Overview

CodeQL is a SKILL.md-based agent skill sourced from trailofbits/skills. It is categorized under data analysis and is listed for Claude Code, Claude. The source description focuses on: Scans a codebase for security vulnerabilities using CodeQL's interprocedural data flow and taint tracking analysis. Triggers on "run codeql", "codeql scan", "codeql analysis", "build codeql database", or "find vulnerabilities with codeql". Supports "run all... AIToolly summarizes this page as a directory entry rather than copying the full third-party skill content, so users can evaluate the source, compatibility, and practical fit before installing it.

Use Cases

Evaluate CodeQL before adding it to an AI agent workflow.
Use CodeQL as a starting point for repeatable data analysis tasks.
Compare CodeQL with related skills from trailofbits/skills and other GitHub repositories.

Install Notes

# Review source first
open https://github.com/trailofbits/skills/blob/main/plugins/static-analysis/skills/codeql/SKILL.md

Copy or clone the skill folder into your agent skills directory after reviewing its instructions and scripts.

Security Notes

Review the source SKILL.md, referenced scripts, permissions, and external services before installing CodeQL. Treat third-party skills like code dependencies, especially when they can read files, call APIs, or run commands.

Related Skills

Electron

vercel-labs/agent-browser

Data Analysis

Automate Electron desktop apps (VS Code, Slack, Discord, Figma, Notion, Spotify, etc.) using agent-browser via Chrome DevTools Protocol. Use when the user needs to interact with an Electron app, automate a desktop app, connect to a running app, control a native app, or test an Electron application. Triggers include "au

Codex, Claude
design, browser
37,057 stars | Source linked

Deep Agents Orchestration

langchain-ai/langchain-skills

Data Analysis

INVOKE THIS SKILL when using subagents, task planning, or human approval in Deep Agents. Covers SubAgentMiddleware, TodoList for planning, and HITL interrupts.

Codex, Claude
typescript, python
817 stars | Source linked

LangChain Fundamentals

langchain-ai/langchain-skills

Data Analysis

Create LangChain agents with create_agent, define tools, and use middleware for human-in-the-loop and error handling.

Claude
typescript, python
817 stars | Source linked

LangGraph Fundamentals

langchain-ai/langchain-skills

Data Analysis

INVOKE THIS SKILL when writing ANY LangGraph code. Covers StateGraph, state schemas, nodes, edges, Command, Send, invoke, streaming, and error handling.

Codex, Claude
typescript, python
817 stars | Source linked

Ecosystem Primer

langchain-ai/langchain-skills

Data Analysis

INVOKE FIRST for any LangChain / LangGraph / Deep Agents agent building project before consulting other skills or writing any agent code. Required starting point for up to date info on framework selection (LangChain vs LangGraph vs Deep Agents vs hybrid composition), agent patterns, install, environment setup, and whic

Codex, Claude
typescript, python
817 stars | Source linked

LangChain RAG

langchain-ai/langchain-skills

Data Analysis

INVOKE THIS SKILL when building ANY retrieval-augmented generation (RAG) system. Covers document loaders, RecursiveCharacterTextSplitter, embeddings (OpenAI), and vector stores (Chroma, FAISS, Pinecone).

Codex, Claude
typescript, python
817 stars | Source linked