Harness Writing
Skill AktivTechniques for writing effective fuzzing harnesses across languages. Use when creating new fuzz targets or improving existing harness code.
To help users create robust and efficient fuzzing harnesses that maximize code coverage and bug detection.
Funktionen
- Techniques for writing fuzzing harnesses
- Language-specific guidance (C++, Rust, Go)
- Structured input handling with FuzzedDataProvider and arbitrary
- Step-by-step implementation guides
- Troubleshooting and anti-pattern identification
Anwendungsfälle
- Creating new fuzz targets for software projects
- Improving code coverage and bug detection in existing fuzzing campaigns
- Developing harnesses for complex or structured input APIs
- Reproducing and debugging fuzzing-found crashes
Nicht-Ziele
- Providing a specific fuzzer tool
- Generating harnesses automatically for all use cases
- Fuzzing without understanding the target application's API
Trust
- warning:Issues AttentionThere are 13 open issues and 4 closed issues in the last 90 days, indicating a slow response rate.
Installation
Zuerst Marketplace hinzufügen
/plugin marketplace add trailofbits/skills/plugin install testing-handbook-skills@trailofbitsQualitätspunktzahl
Vertrauenssignale
Ähnliche Erweiterungen
Semgrep Rule Creator
100Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.
Safe Mode
100Prevent destructive operations using Claude Code hooks. Three modes — cautious (warn on dangerous commands), lockdown (restrict edits to one directory), and clear (remove restrictions). Uses PreToolUse matchers for Bash, Edit, and Write.
Fixflow
100Führen Sie Codierungsaufgaben mit einem strengen Liefer-Workflow aus: Erstellen Sie einen vollständigen Plan, implementieren Sie Schritt für Schritt, führen Sie kontinuierlich Tests durch und committen Sie standardmäßig nach jedem Schritt (`per_step`). Unterstützt explizite Commit-Policy-Überschreibungen (`final_only`, `milestone`) und optional BDD (Given/When/Then), wenn Benutzer verhaltensgesteuerte Bereitstellung anfordern oder Anforderungen unklar sind.
Definition Of Done
100Mandatory checks to run before completing any task that touches md files or dart code in this repository.
Ship Gate
100Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.
Senior Backend Engineer
100Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Covers Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.