Skip to main content

Atheris

Skill Active
Part of:Testing Handbook Skills

Atheris is a coverage-guided Python fuzzer based on libFuzzer. Use for fuzzing pure Python code and Python C extensions.

Purpose

To provide developers and security researchers with a powerful, coverage-guided fuzzing tool specifically designed for Python code and its C extensions, enabling the discovery of bugs and memory corruption issues.

Features

  • Coverage-guided fuzzing for Python code
  • Fuzzing for Python C extensions
  • Integration with libFuzzer
  • AddressSanitizer support for memory corruption detection
  • Comprehensive installation and setup instructions, including Docker

Use Cases

  • Fuzzing pure Python libraries and applications
  • Identifying memory corruption bugs in Python C extensions
  • Integrating fuzzing into CI/CD pipelines
  • Testing Python code for security vulnerabilities

Non-Goals

  • Property-based testing for complex data structures (consider Hypothesis)
  • General-purpose static analysis (focus is dynamic testing)
  • Fuzzing of non-Python codebases (use language-specific tools)

Workflow

  1. Install Atheris and necessary build tools (compiler, Python).
  2. Write a fuzzing harness function decorated with `@atheris.instrument_func`.
  3. Set up the Python environment, potentially using the provided Dockerfile.
  4. Execute the fuzzer using `python <your_script.py>`.
  5. Interpret fuzzer output for crashes, coverage increases, and potential bugs.

Practices

  • Fuzzing
  • Code Auditing
  • Security Testing

Prerequisites

  • Python 3.7 or later
  • Recent version of clang
  • Docker (recommended)

Trust

  • warning:Issues AttentionIn the last 90 days, 13 issues were opened and 4 were closed, indicating a low closure rate (30.8%) and potentially slow maintainer response.

Installation

First, add the marketplace

/plugin marketplace add trailofbits/skills
/plugin install testing-handbook-skills@trailofbits

Quality Score

96 /100
Analyzed about 13 hours ago

Trust Signals

Last commit3 days ago
GitHub owner trailofbits (opens in new tab)
Stars5.2k
LicenseCC-BY-SA-4.0
Status
View Source

Similar Extensions

Senior Backend Engineer

100

Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Covers Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.

Skill
alirezarezvani

Metal

100

Extract the conceptual essence of a repository as skills, agents, and teams — the project's roles, procedures, and coordination patterns expressed as agentskills.io-standard definitions. Reads an arbitrary codebase and produces generalized definitions that capture WHAT the project does and WHO operates it, without replicating HOW it does it. Use when onboarding to a new codebase and wanting to understand its conceptual architecture, when bootstrapping an agentic system from an existing project, when studying a project's organizational DNA for cross-pollination, or when creating a skill/agent/team library inspired by a reference implementation.

Skill
pjt222

Lean Ctx

100

Context Runtime for AI Agents — 59 MCP tools, 10 read modes, 95+ shell patterns, tree-sitter AST for 18 languages. Compresses LLM context by up to 99%. Use when reading files, running shell commands, searching code, or exploring directories. Auto-installs if not present.

Skill
yvgude

Pathfinder

100

Map a codebase into feature-grouped flowcharts, identify duplicated concerns across features, and propose a unified architecture. Use when asked to "find the ideal path," unify duplicated systems, or audit architecture before a refactor. Emits a proposed unified flowchart plus per-system /make-plan prompts.

Skill
thedotmack

Codacy Audit

100

Codacy Cloud workflow for this repository -- run Codacy's analyzers locally before `git push` (mirrors what Codacy CI runs), and fetch/cluster Codacy issues for any PR via the v3 API. Use when the user mentions Codacy, "codacy analysis", `codacy-analysis-cli`, "codacy issues on PR", "fix codacy CI", "codacy markdownlint findings", or any Codacy gate failing on a netdata-org PR. Ships scripts analyze-local.sh (docker/binary runner for codacy-analysis-cli) and pr-issues.sh (paginated v3 issue fetch + group-by tool/pattern/severity/file). Token-safe -- CODACY_TOKEN never reaches assistant-visible stdout. Read-only by design in the current SOW; write actions (mark FP, mark fixed) are deferred.

Skill
netdata

Domain Extract

100

Extract domain knowledge from existing project sources and generate domain rules. Also handles vault sync and domain listing.

Skill
luiseiman

© 2025 SkillRepo · Find the right skill, skip the noise.