> testing-handbook-skills
Application security testing toolkit from the Trail of Bits Testing Handbook. Helps the agent set up fuzzing campaigns, write fuzz harnesses, run coverage-guided fuzzers (libFuzzer, AFL++, cargo-fuzz, Atheris, Ruzzy), and triage crashes. Covers memory-safety sanitizers (AddressSanitizer, UBSan, MSan), static analysis with Semgrep and CodeQL, cryptographic validation using Wycheproof test vectors, and constant-time verification. Use when testing C, C++, Rust, Python, or Ruby code for vulnerabilit
curl "https://skillshub.wtf/elizaOS/eliza/testing-handbook-skills?format=md"

Testing Handbook Skills
Comprehensive security testing toolkit generated from the Trail of Bits Application Security Testing Handbook.
When to Use
- Setting up fuzzing campaigns for C/C++, Rust, Python, or Ruby
- Writing fuzzing harnesses for target functions
- Analyzing code coverage to guide testing
- Running sanitizers (AddressSanitizer, UBSan, MSan) to catch memory bugs
- Performing constant-time testing for cryptographic code
- Using Wycheproof test vectors for crypto validation
When NOT to Use
- Smart contract auditing (use security-building-secure-contracts)
- Writing custom Semgrep rules (use semgrep-rule-creator)
- General code review (use security-differential-review)
- Vulnerability hunting without a testing plan (use audit-context-building first)
Sub-Skills (17 total)
Fuzzers
| Fuzzer | Language | Best For | Skill Path |
|---|---|---|---|
| libFuzzer | C/C++ | LLVM-based coverage-guided fuzzing | skills/libfuzzer/SKILL.md |
| AFL++ | C/C++ | Advanced mutation-based fuzzing | skills/aflpp/SKILL.md |
| libAFL | C/C++ | LibAFL-based custom fuzzers | skills/libafl/SKILL.md |
| cargo-fuzz | Rust | Rust native fuzzing with libFuzzer backend | skills/cargo-fuzz/SKILL.md |
| Atheris | Python | Python coverage-guided fuzzing | skills/atheris/SKILL.md |
| Ruzzy | Ruby | Ruby coverage-guided fuzzing | skills/ruzzy/SKILL.md |
Techniques
| Technique | Purpose | Skill Path |
|---|---|---|
| Harness Writing | Writing effective fuzzing harnesses | skills/harness-writing/SKILL.md |
| Coverage Analysis | Measuring and improving code coverage | skills/coverage-analysis/SKILL.md |
| Fuzzing Dictionary | Creating effective fuzzing dictionaries | skills/fuzzing-dictionary/SKILL.md |
| Fuzzing Obstacles | Overcoming common fuzzing barriers | skills/fuzzing-obstacles/SKILL.md |
| AddressSanitizer | Memory error detection with ASan | skills/address-sanitizer/SKILL.md |
Static Analysis
| Tool | Purpose | Skill Path |
|---|---|---|
| Semgrep | Fast pattern-matching security scans | skills/semgrep/SKILL.md |
| CodeQL | Deep semantic code analysis | skills/codeql/SKILL.md |
Cryptographic Testing
| Tool | Purpose | Skill Path |
|---|---|---|
| Wycheproof | Test vectors for crypto implementations | skills/wycheproof/SKILL.md |
| Constant-Time Testing | Verify constant-time crypto properties | skills/constant-time-testing/SKILL.md |
Infrastructure
| Tool | Purpose | Skill Path |
|---|---|---|
| OSS-Fuzz | Google's continuous fuzzing service | skills/ossfuzz/SKILL.md |
Meta
| Tool | Purpose | Skill Path |
|---|---|---|
| Generator | Generate new skills from the Testing Handbook | skills/testing-handbook-generator/SKILL.md |
Workflow
Starting a fuzzing campaign
- Choose a fuzzer based on your target language (see Fuzzers table)
- Write a harness using the harness-writing skill
- Build with sanitizers (AddressSanitizer recommended as baseline)
- Create a seed corpus with representative inputs
- Run the campaign and monitor coverage
- Analyze coverage to find uncovered code and improve the harness
- Triage crashes and deduplicate findings
Setting up CI/CD testing
- OSS-Fuzz for open-source projects (continuous fuzzing)
- Semgrep + CodeQL for static analysis in PRs
- Wycheproof test vectors for crypto validation
Quick Start by Language
| Language | Fuzzer | Harness | Sanitizer |
|---|---|---|---|
| C/C++ | libFuzzer or AFL++ | LLVMFuzzerTestOneInput | ASan + UBSan |
| Rust | cargo-fuzz | fuzz_target! macro | Built-in sanitizers |
| Python | Atheris | atheris.FuzzedDataProvider | N/A |
| Ruby | Ruzzy | ruzzy harness pattern | N/A |
Source Material
Generated from the Trail of Bits Application Security Testing Handbook using the testing-handbook-generator meta-skill.