
codeql

Scans a codebase for security vulnerabilities using CodeQL's interprocedural data flow and taint tracking analysis. Triggers on "run codeql", "codeql scan", "codeql analysis", "build codeql database", or "find vulnerabilities with codeql". Supports "run all" (security-and-quality + security-experimental suites) and "important only" (high-precision security findings) scan modes. Also handles creating data extension models and processing CodeQL SARIF output.
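The description above mentions processing CodeQL SARIF output and an "important only" mode that keeps high-precision security findings. The following Python is an added example written for this page; it is not the skill's own code and not part of CodeQL. It parses a constructed SARIF 2.1.0 fragment laid out the way CodeQL emits it (rule metadata under runs[].tool.driver.rules, alerts under runs[].results, with `precision`, `security-severity` and `tags` in each rule's properties) and filters to security-tagged rules of `high` or `very-high` precision. That precision threshold, the file paths, line numbers and messages are assumptions made for the example.

```python
"""Triage CodeQL SARIF output down to high-precision security findings.

Added example for this page, not the skill's code. The SARIF below is a
constructed fragment in the shape CodeQL emits; paths, lines and messages
are invented.
"""
import json
from dataclasses import dataclass
from typing import Optional

# Constructed input: three rules carry CodeQL-style metadata, one of them
# (py/unused-import) is a quality rule with no security tag.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "CodeQL", "rules": [
            {"id": "py/sql-injection",
             "properties": {"precision": "high", "security-severity": "8.8",
                            "tags": ["security", "external/cwe/cwe-089"]}},
            {"id": "py/unused-import",
             "properties": {"precision": "very-high", "tags": ["maintainability"]}},
            {"id": "py/weak-crypto-key",
             "properties": {"precision": "medium", "security-severity": "7.5",
                            "tags": ["security", "external/cwe/cwe-326"]}},
            {"id": "py/path-injection",
             "properties": {"precision": "very-high", "security-severity": "7.8",
                            "tags": ["security", "external/cwe/cwe-022"]}},
        ]}},
        "results": [
            {"ruleId": "py/sql-injection", "ruleIndex": 0, "level": "error",
             "message": {"text": "This SQL query depends on a user-provided value."},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/db.py"},
                                                 "region": {"startLine": 42}}}]},
            {"ruleId": "py/unused-import", "ruleIndex": 1, "level": "note",
             "message": {"text": "Import of 'os' is not used."},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/util.py"},
                                                 "region": {"startLine": 3}}}]},
            {"ruleId": "py/weak-crypto-key", "ruleIndex": 2, "level": "warning",
             "message": {"text": "Creation of an RSA key with a short key size."},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/keys.py"},
                                                 "region": {"startLine": 17}}}]},
            # Some producers reference the rule only by index; exercise that path.
            {"ruleIndex": 3, "level": "error",
             "message": {"text": "This path depends on a user-provided value."},
             "locations": [{"physicalLocation": {"artifactLocation": {"uri": "app/files.py"},
                                                 "region": {"startLine": 88}}}]},
        ],
    }],
})

# Assumption: "important only" keeps these CodeQL precision levels.
HIGH_PRECISION = {"high", "very-high"}


@dataclass
class Finding:
    rule_id: str
    precision: str
    severity: Optional[float]   # CodeQL stores security-severity as a string
    security: bool              # rule carries the "security" tag
    uri: str
    line: Optional[int]
    message: str


def _rule_for(result, rules_by_id, rules):
    """Resolve a result's rule by ruleId, falling back to ruleIndex."""
    rule = rules_by_id.get(result.get("ruleId"))
    if rule is None:
        idx = result.get("ruleIndex")
        if isinstance(idx, int) and 0 <= idx < len(rules):
            rule = rules[idx]
    return rule or {}


def parse_findings(sarif_text):
    """Flatten every result in every run into a Finding, tolerating gaps."""
    findings = []
    for run in json.loads(sarif_text).get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        by_id = {r["id"]: r for r in rules if "id" in r}
        for res in run.get("results", []):
            rule = _rule_for(res, by_id, rules)
            props = rule.get("properties", {})
            sev = props.get("security-severity")
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            findings.append(Finding(
                rule_id=res.get("ruleId") or rule.get("id", "<unknown>"),
                precision=props.get("precision", "unknown"),
                severity=float(sev) if sev is not None else None,
                security="security" in props.get("tags", []),
                uri=loc.get("artifactLocation", {}).get("uri", "<no location>"),
                line=loc.get("region", {}).get("startLine"),
                message=res.get("message", {}).get("text", ""),
            ))
    return findings


def important_only(findings):
    """Security-tagged, high-precision findings, most severe first."""
    kept = [f for f in findings if f.security and f.precision in HIGH_PRECISION]
    return sorted(kept, key=lambda f: (-(f.severity or 0.0), f.uri, f.line or 0))


def format_finding(f):
    return f"[{f.rule_id}] {f.uri}:{f.line} sev={f.severity} precision={f.precision}: {f.message}"


if __name__ == "__main__":
    for f in important_only(parse_findings(SAMPLE_SARIF)):
        print(format_finding(f))
```

Two of the four constructed alerts survive the filter: the SQL injection (precision high, severity 8.8) and the path injection (precision very-high, severity 7.8). The unused import is dropped because it carries no security tag, and the weak-key alert because its precision is only medium; with a real scan, the medium-precision alerts are exactly what a "run all" pass would surface for manual review.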

94

Quality: 92% (Does it follow best practices?)

Impact: Pending (No eval scenarios have been run)

Security (by Snyk): Advisory (Suggest reviewing before use)


Quality

Discovery

100%

Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.

This is an excellent skill description that clearly identifies the tool (CodeQL), lists concrete capabilities, provides explicit trigger phrases, and distinguishes itself from generic security scanning skills. The description is well-structured, uses third person voice appropriately, and covers both scan modes and auxiliary functions like SARIF processing and data extension model creation.

Dimension / Reasoning / Score

Specificity

Lists multiple specific concrete actions: scanning for security vulnerabilities, interprocedural data flow and taint tracking analysis, building CodeQL databases, creating data extension models, processing SARIF output, and two distinct scan modes ('run all' vs 'important only').

3 / 3

Completeness

Clearly answers both 'what' (scans codebase for security vulnerabilities using CodeQL, creates data extension models, processes SARIF output) and 'when' (explicit trigger phrases listed with 'Triggers on...' clause, plus scan mode options).

3 / 3

Trigger Term Quality

Includes highly specific natural trigger phrases users would say: 'run codeql', 'codeql scan', 'codeql analysis', 'build codeql database', 'find vulnerabilities with codeql'. These are realistic user commands and cover common variations.

3 / 3

Distinctiveness Conflict Risk

Highly distinctive with 'CodeQL' as a clear niche identifier throughout. The specific tool name, SARIF output format, and CodeQL-specific terminology (taint tracking, data extension models, security-and-quality suites) make it very unlikely to conflict with other security scanning or code analysis skills.

3 / 3

Total: 12 / 12 (Passed)

Implementation

85%

Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.

This is a high-quality, well-architected skill that handles a complex multi-workflow tool (CodeQL) with clear decision logic, executable code, and excellent progressive disclosure. Its main weakness is moderate verbosity — the 'Rationalizations to Reject' section and some repeated patterns (output directory resolution appears twice) could be tightened. The workflow clarity and reference structure are exemplary for a skill of this complexity.

Suggestions

Consolidate the output directory resolution logic — it appears in both the 'Output Directory' section and 'Quick Start', which wastes tokens. Keep it in one place and reference it.

Consider trimming the 'Rationalizations to Reject' section to a more compact format (e.g., a table with rationalization → why it's wrong) to reduce verbosity while preserving the valuable content.

Dimension / Reasoning / Score

Conciseness

The skill is generally well-structured but includes some sections that could be tightened — 'When to Use' / 'When NOT to Use' lists explain things Claude likely knows, and the 'Rationalizations to Reject' section, while valuable, is verbose. The output directory resolution logic is repeated. However, most content earns its place given the complexity of CodeQL workflows.

2 / 3

Actionability

The skill provides fully executable bash commands for database discovery, output directory resolution, and CodeQL verification. Code snippets are copy-paste ready with concrete commands, directory structures, and specific tool invocations. The workflow selection logic includes concrete decision tables and AskUserQuestion templates.

3 / 3

Workflow Clarity

The skill has excellent workflow sequencing with clear decision trees (auto-detection logic table), explicit validation checkpoints (database quality assessment, zero-finding investigation), and feedback loops. The success criteria checklist at the end serves as a comprehensive validation checkpoint. The principle 'Follow workflows step by step' with gating between phases is explicitly stated.

3 / 3

Progressive Disclosure

Exemplary progressive disclosure — the main SKILL.md provides a clear overview with essential principles, workflow selection logic, and decision trees, while detailed implementation is delegated to well-organized one-level-deep references (3 workflows + 12 reference files). The Reference Index table provides clear navigation with descriptive labels for each file.

3 / 3

Total: 11 / 12 (Passed)

Validation

100%

Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.

Validation: 11 / 11 passed

Validation for skill structure

No warnings or errors.

Repository: trailofbits/skills (Reviewed)
