Harness Writing
技能 活跃Techniques for writing effective fuzzing harnesses across languages. Use when creating new fuzz targets or improving existing harness code.
To help users create robust and efficient fuzzing harnesses that maximize code coverage and bug detection.
功能
- Techniques for writing fuzzing harnesses
- Language-specific guidance (C++, Rust, Go)
- Structured input handling with FuzzedDataProvider and arbitrary
- Step-by-step implementation guides
- Troubleshooting and anti-pattern identification
使用场景
- Creating new fuzz targets for software projects
- Improving code coverage and bug detection in existing fuzzing campaigns
- Developing harnesses for complex or structured input APIs
- Reproducing and debugging fuzzing-found crashes
非目标
- Providing a specific fuzzer tool
- Generating harnesses automatically for all use cases
- Fuzzing without understanding the target application's API
Trust
- warning:Issues AttentionThere are 13 open issues and 4 closed issues in the last 90 days, indicating a slow response rate.
安装
请先添加 Marketplace
/plugin marketplace add trailofbits/skills/plugin install testing-handbook-skills@trailofbits质量评分
类似扩展
Semgrep Rule Creator
100Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.
Safe Mode
100Prevent destructive operations using Claude Code hooks. Three modes — cautious (warn on dangerous commands), lockdown (restrict edits to one directory), and clear (remove restrictions). Uses PreToolUse matchers for Bash, Edit, and Write.
Fixflow
100使用严格的交付工作流执行编码任务:构建完整计划、分步实现、持续运行测试,并默认在每一步 (`per_step`) 后提交。当用户要求行为驱动交付或需求不明确时,支持显式提交策略覆盖 (`final_only`, `milestone`) 和可选的 BDD(给定/当/则)。
Definition Of Done
100Mandatory checks to run before completing any task that touches md files or dart code in this repository.
Ship Gate
100Pre-production audit that scans a codebase for security, database, deployment, code quality, AI/LLM, dependency, frontend, and observability issues. Intercepts deploy commands and blocks until critical items pass. Stack-agnostic. Use for "run ship gate", "am I ready to ship", "pre-launch audit", "can I deploy", "push to production", "go live checklist", "preflight check". Not for CI/CD setup or infra provisioning.
Senior Backend Engineer
100Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Covers Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.