semantic-code-analyzer
LLM-powered semantic analysis of code diffs to detect business-logic trojans
Best use case
semantic-code-analyzer is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using semantic-code-analyzer should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in .claude/skills/semantic-code-analyzer/SKILL.md inside your project
- Restart your AI agent — it will auto-discover the skill
How semantic-code-analyzer Compares
| Feature / Agent | semantic-code-analyzer | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
LLM-powered semantic analysis of code diffs to detect business-logic trojans
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Semantic Code Analyzer
LLM-powered semantic analysis engine that detects business-logic trojans by comparing code intent (docstrings, function names, variable names) against actual implementation behavior.
## Purpose
This skill is the core detection capability of the nation-state trojan detection process. Traditional SAST tools check syntax; this skill checks **semantics** — whether the code does what it claims to do. It catches operator substitutions, logic inversions, constant manipulation, narrative camouflage, and compound self-masking attacks.
## Capabilities
### Intent vs Implementation Analysis
- Reads function names, docstrings, and variable names to establish **intent**
- Traces code execution to determine **actual behavior**
- Flags any contradiction as a potential trojan indicator
### Mathematical Verification
- Plugs concrete values into changed formulas
- Computes before/after results to quantify impact
- Detects ratio inversions (a/b vs b/a), precision loss (/ vs //), and threshold shifts
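The before/after check described in this list, as an added example (not code from the skill or its repository). The function names, sample lines and probe values are constructed, the signature strings are the ones in this page's "Attack Signatures Detected" table, and only one-line assignments with simple expressions are handled.

```python
import ast
import operator

OPS = {ast.Div: operator.truediv, ast.FloorDiv: operator.floordiv,
       ast.Sub: operator.sub, ast.Gt: operator.gt, ast.Lt: operator.lt}

def rhs(line):
    """Right-hand-side expression node of a one-line assignment."""
    return ast.parse(line.strip()).body[0].value

def evaluate(node, env):
    """Evaluate a whitelisted expression subset at env; diff text is never eval()'d."""
    if isinstance(node, ast.Constant):
        return node.value
    if isinstance(node, ast.Name):
        return env[node.id]
    if isinstance(node, ast.BinOp):
        return OPS[type(node.op)](evaluate(node.left, env), evaluate(node.right, env))
    if isinstance(node, ast.Compare) and len(node.ops) == 1:
        return OPS[type(node.ops[0])](evaluate(node.left, env), evaluate(node.comparators[0], env))
    raise ValueError("unsupported expression")

def classify(old, new):
    """Map a removed/added line pair to a signature name from the page's table, or None."""
    a, b, d = rhs(old), rhs(new), ast.dump
    if isinstance(a, ast.BinOp) and isinstance(b, ast.BinOp):
        if d(a.left) == d(b.left) and d(a.right) == d(b.right):
            if isinstance(a.op, ast.Div) and isinstance(b.op, ast.FloorDiv):
                return "precision-truncation"  # / became //
        elif (d(a.left) == d(b.right) and d(a.right) == d(b.left)
              and type(a.op) is type(b.op) and isinstance(a.op, (ast.Div, ast.Sub))):
            return "logic-inversion"  # a/b became b/a
    if isinstance(a, ast.Compare) and isinstance(b, ast.Compare) and d(a.left) == d(b.left):
        ra, rb = a.comparators[0], b.comparators[0]
        if type(a.ops[0]) is not type(b.ops[0]) and d(ra) == d(rb):
            return "logic-inversion"  # comparison operator flipped
        if (type(a.ops[0]) is type(b.ops[0]) and isinstance(ra, ast.Constant)
                and isinstance(rb, ast.Constant) and ra.value != rb.value):
            return "constant-manipulation"  # threshold shifted
    return None

def verify(old, new, env):
    """Return (signature, value_before, value_after) at the probe values in env."""
    return classify(old, new), evaluate(rhs(old), env), evaluate(rhs(new), env)

# Constructed removed/added pairs and probe values (not taken from a real diff).
PROBE = {"matched": 3, "total": 4, "points": 7, "weight": 2, "risk": 0.9}
PAIRS = [("ratio = matched / total", "ratio = total / matched"),
         ("score = points / weight", "score = points // weight"),
         ("flagged = risk > 0.8", "flagged = risk > 0.98")]
print([verify(o, n, PROBE) for o, n in PAIRS])
```

The before/after values are what a reviewer would record in the `mathematicalImpact` field of a finding: here the threshold change turns a flagged input (risk 0.9) into an unflagged one.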
### Docstring Contradiction Detection
- Compares narrative claims in comments/docstrings against code behavior
- Detects narrative camouflage where docs are updated to match malicious code
- Cross-references variable naming against mathematical operations
### Test Evasion Analysis
- Reads existing test fixtures to identify blind spots
- Explains why each finding would pass current tests
- Recommends test improvements to prevent recurrence
### Blast Radius Mapping
- Uses grep/ripgrep to find all consumers of changed functions/values
- Maps downstream data flow through the application
- Quantifies the scope of impact (single function → system-wide)
## Input Schema
```json
{
  "type": "object",
  "required": ["projectRoot", "filePath", "rawDiff"],
  "properties": {
    "projectRoot": {
      "type": "string",
      "description": "Absolute path to the project"
    },
    "projectName": {
      "type": "string",
      "description": "Project display name"
    },
    "filePath": {
      "type": "string",
      "description": "Path to the changed file"
    },
    "rawDiff": {
      "type": "string",
      "description": "Raw git diff output for this file"
    },
    "classification": {
      "type": "string",
      "description": "Change classification from git forensics (code/config/data-model/cosmetic)"
    }
  }
}
```
## Output Schema
```json
{
  "type": "object",
  "required": ["filePath", "verdict", "confidence", "findings"],
  "properties": {
    "filePath": { "type": "string" },
    "verdict": {
      "type": "string",
      "enum": ["CLEAN", "SUSPICIOUS", "TROJAN_DETECTED"]
    },
    "confidence": {
      "type": "number",
      "minimum": 0,
      "maximum": 100
    },
    "findings": {
      "type": "array",
      "items": {
        "type": "object",
        "properties": {
          "line": { "type": "number" },
          "originalCode": { "type": "string" },
          "modifiedCode": { "type": "string" },
          "signature": { "type": "string" },
          "severity": { "type": "string" },
          "explanation": { "type": "string" },
          "mathematicalImpact": { "type": "string" },
          "blastRadius": { "type": "array", "items": { "type": "string" } },
          "testEvasionReason": { "type": "string" }
        }
      }
    },
    "stealthRating": { "type": "string" }
  }
}
```
## Usage Example
```javascript
skill: {
  name: 'semantic-code-analyzer',
  context: {
    projectRoot: '/path/to/project',
    filePath: 'backend/app/data/models.py',
    rawDiff: '--- a/backend/app/data/models.py\n+++ b/...',
    classification: 'data-model'
  }
}
```
## Attack Signatures Detected
| Signature | What It Catches |
|-----------|----------------|
| `constant-manipulation` | Threshold/limit changes that disable features |
| `logic-inversion` | Operator flips (< to >, a/b to b/a) |
| `narrative-camouflage` | Docstrings rewritten to match malicious code |
| `edge-case-exploitation` | Corrupted fallback/default paths |
| `self-masking-compound` | Multiple layers hiding each other's impact |
| `precision-truncation` | Division operator swaps losing precision |
| `window-overlap-neutralization` | Comparison windows narrowed until meaningless |
| `calibration-camouflage` | ML hyperparameter degradation |
| `cosmetic-decoy` | Formatting changes hiding semantic modifications |
## Process Files
- `nation-state-trojan-detection.js` — Phase 2: Semantic Analysis (per-file)
- `nation-state-trojan-detection.js` — Phase 3: Compound Analysis (cross-file)
Related Skills
terraform-analyzer
Specialized skill for analyzing Terraform configurations. Supports parsing, security scanning (tfsec, checkov), cost estimation (infracost), drift detection, and plan visualization across AWS, Azure, and GCP.
db-query-analyzer
Analyze database query performance with execution plans and index recommendations
code-complexity-analyzer
Analyze code complexity metrics including cyclomatic complexity, code smells, and technical debt
cloudformation-analyzer
Validate and analyze AWS CloudFormation templates for security and best practices
sast-analyzer
Static Application Security Testing orchestration and analysis. Execute Semgrep, Bandit, ESLint security plugins, CodeQL, and other SAST tools. Parse, prioritize, and deduplicate findings across multiple tools with remediation guidance.
crypto-analyzer
Cryptographic implementation analysis and validation for encryption algorithms, key sizes, and certificate management
semver-analyzer
Analyze code changes and determine semantic version bumps. Detect breaking changes automatically, suggest version bump (major/minor/patch), generate changelog entries, and validate version consistency.
api-diff-analyzer
Compare API specifications to detect breaking changes. Compare OpenAPI spec versions, categorize changes by severity, generate migration guides, and block breaking changes in CI.
process-analyzer
Analyze processes, identify workflows, define boundaries and scope, and map process requirements for specialization creation.
scope-logic-analyzer
Test equipment integration for signal analysis (oscilloscope and logic analyzer)
protocol-analyzer
Serial protocol analysis and debugging for common embedded interfaces (I2C, SPI, UART)
time-series-analyzer
Skill for time series analysis and forecasting