About
This skill enables CodeQL static analysis for security vulnerability detection, taint tracking, and data flow analysis. Developers should use it to analyze code, create CodeQL databases, write custom QL queries, or set up security audits in CI/CD pipelines. It's ideal for performing comprehensive security analysis on codebases.
Quick Install
Claude Code
Recommendednpx skills add plurigrid/asi -a claude-code/plugin add https://github.com/plurigrid/asigit clone https://github.com/plurigrid/asi.git ~/.claude/skills/codeqlCopy and paste this command in Claude Code to install this skill
GitHub Repository
Frequently asked questions
What is the codeql skill?
codeql is a Claude Skill by plurigrid. Skills package instructions and resources that Claude loads on demand, so Claude can perform codeql-related tasks without extra prompting.
How do I install codeql?
Use the install commands on this page: add codeql to Claude Code as a plugin, or clone its repository into your skills directory, then restart Claude so it picks up the skill.
What category does codeql belong to?
codeql is in the static-analysis category, tagged ai and data.
Is codeql free to use?
Yes. codeql is listed on AIMCP and free to install. It runs inside Claude, so no separate service account is required to use the skill itself.
Related Skills
This skill enables developers to run Semgrep for fast static code analysis and security vulnerability scanning. It supports writing custom YAML rules, using taint mode analysis, and integrating Semgrep into CI/CD pipelines. Use it when you need to quickly scan code for security patterns or set up automated security checks.
This skill parses and processes SARIF files to work with static analysis results. It helps developers aggregate findings from multiple tools, deduplicate alerts, and extract specific vulnerabilities. Use it to integrate security scan data into CI/CD pipelines or analyze scan outputs.
This skill parses and processes SARIF files to work with static analysis results. It enables aggregating findings from multiple tools, deduplicating alerts, and extracting specific vulnerabilities. Use it to integrate security scan data into CI/CD pipelines or analyze scan outputs.
This skill enables CodeQL static analysis for security vulnerability detection, taint tracking, and data flow analysis. Developers should use it to analyze code, create databases, write custom QL queries, perform audits, or set up CodeQL in CI/CD pipelines. It's ideal for comprehensive security-focused code review and automation.
