Skip to main content

Cargo Fuzz

Skill Active
Part of:Testing Handbook Skills

cargo-fuzz is the de facto fuzzing tool for Rust projects using Cargo. Use for fuzzing Rust code with libFuzzer backend.

Purpose

To enable developers to efficiently fuzz Rust codebases using Cargo, identify bugs and security vulnerabilities, and improve code robustness.

Features

  • Setup and installation of cargo-fuzz
  • Writing fuzzing harnesses
  • Running fuzzing campaigns
  • Integrating with sanitizers (ASan)
  • Coverage analysis

Use Cases

  • When developing new Rust projects and wanting to ensure code quality and security from the start.
  • When identifying bugs or security vulnerabilities in existing Rust code.
  • When needing to fuzz complex Rust libraries or applications that use Cargo.

Non-Goals

  • Fuzzing non-Rust projects or projects not using Cargo.
  • Providing a backend other than libFuzzer.
  • Replacing dedicated fuzzing platforms for extremely large-scale or complex distributed fuzzing campaigns (though it can be run in parallel).

Trust

  • warning:Issues Attention13 issues opened and 4 closed in the last 90 days indicates a closure rate below 50% and a significant number of open issues.

Documentation

  • info:READMEA README file exists and provides installation instructions and an overview of available plugins, but does not specifically detail the cargo-fuzz skill's functionality.

Installation

First, add the marketplace

/plugin marketplace add trailofbits/skills
/plugin install testing-handbook-skills@trailofbits

Quality Score

94 /100
Analyzed about 15 hours ago

Trust Signals

Last commit3 days ago
GitHub owner trailofbits (opens in new tab)
Stars5.2k
LicenseCC-BY-SA-4.0
Status
View Source

Similar Extensions

Senior Backend Engineer

100

Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Covers Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.

Skill
alirezarezvani

Lean Ctx

100

Context Runtime for AI Agents — 59 MCP tools, 10 read modes, 95+ shell patterns, tree-sitter AST for 18 languages. Compresses LLM context by up to 99%. Use when reading files, running shell commands, searching code, or exploring directories. Auto-installs if not present.

Skill
yvgude

Cleanup Cycles

100

Detect and untangle circular dependencies. Runs madge/skott (TS), pycycle (Py), or compiler-only checks (Go/Rust). Auto-fixes leaf-extractable cycles; reports core cycles for human review. Use when the user asks to find circular imports, fix dependency cycles, or untangle module graph. Example queries — "find circular imports", "fix dependency cycles", "untangle our module graph", "why is madge complaining".

Skill
raintree-technology

Running Tend

100

Worktrunk-specific guidance for tend CI workflows. Adds codecov polling, Rust test commands, labels, and review criteria on top of the generic tend-* skills. Use when operating in CI.

Skill
max-sixty

Secrets Management

100

Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.

Skill
wshobson

Semgrep Rule Creator

100

Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.

Skill
trailofbits

© 2025 SkillRepo · Find the right skill, skip the noise.