@elizaos/skills 2.0.0-alpha.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +126 -0
- package/package.json +53 -0
- package/skills/1password/SKILL.md +70 -0
- package/skills/1password/references/cli-examples.md +29 -0
- package/skills/1password/references/get-started.md +17 -0
- package/skills/apple-notes/SKILL.md +77 -0
- package/skills/apple-reminders/SKILL.md +96 -0
- package/skills/bear-notes/SKILL.md +107 -0
- package/skills/bird/SKILL.md +224 -0
- package/skills/blogwatcher/SKILL.md +69 -0
- package/skills/blucli/SKILL.md +47 -0
- package/skills/bluebubbles/SKILL.md +131 -0
- package/skills/camsnap/SKILL.md +45 -0
- package/skills/canvas/SKILL.md +203 -0
- package/skills/clawhub/SKILL.md +77 -0
- package/skills/coding-agent/SKILL.md +284 -0
- package/skills/discord/SKILL.md +578 -0
- package/skills/eightctl/SKILL.md +50 -0
- package/skills/food-order/SKILL.md +48 -0
- package/skills/gemini/SKILL.md +43 -0
- package/skills/gifgrep/SKILL.md +79 -0
- package/skills/github/SKILL.md +77 -0
- package/skills/gog/SKILL.md +116 -0
- package/skills/goplaces/SKILL.md +52 -0
- package/skills/healthcheck/SKILL.md +245 -0
- package/skills/himalaya/SKILL.md +257 -0
- package/skills/himalaya/references/configuration.md +184 -0
- package/skills/himalaya/references/message-composition.md +199 -0
- package/skills/imsg/SKILL.md +74 -0
- package/skills/local-places/SERVER_README.md +101 -0
- package/skills/local-places/SKILL.md +102 -0
- package/skills/local-places/pyproject.toml +21 -0
- package/skills/local-places/src/local_places/__init__.py +2 -0
- package/skills/local-places/src/local_places/google_places.py +314 -0
- package/skills/local-places/src/local_places/main.py +65 -0
- package/skills/local-places/src/local_places/schemas.py +107 -0
- package/skills/mcporter/SKILL.md +61 -0
- package/skills/model-usage/SKILL.md +69 -0
- package/skills/model-usage/references/codexbar-cli.md +33 -0
- package/skills/model-usage/scripts/model_usage.py +310 -0
- package/skills/nano-banana-pro/SKILL.md +58 -0
- package/skills/nano-banana-pro/scripts/generate_image.py +184 -0
- package/skills/nano-pdf/SKILL.md +38 -0
- package/skills/notion/SKILL.md +172 -0
- package/skills/obsidian/SKILL.md +81 -0
- package/skills/openai-image-gen/SKILL.md +89 -0
- package/skills/openai-image-gen/scripts/gen.py +240 -0
- package/skills/openai-whisper/SKILL.md +38 -0
- package/skills/openai-whisper-api/SKILL.md +52 -0
- package/skills/openai-whisper-api/scripts/transcribe.sh +85 -0
- package/skills/openhue/SKILL.md +51 -0
- package/skills/oracle/SKILL.md +125 -0
- package/skills/ordercli/SKILL.md +78 -0
- package/skills/peekaboo/SKILL.md +190 -0
- package/skills/sag/SKILL.md +87 -0
- package/skills/security-ask-questions-if-underspecified/.claude-plugin/plugin.json +10 -0
- package/skills/security-ask-questions-if-underspecified/README.md +24 -0
- package/skills/security-ask-questions-if-underspecified/skills/ask-questions-if-underspecified/SKILL.md +85 -0
- package/skills/security-audit-context-building/.claude-plugin/plugin.json +10 -0
- package/skills/security-audit-context-building/README.md +58 -0
- package/skills/security-audit-context-building/commands/audit-context.md +21 -0
- package/skills/security-audit-context-building/skills/audit-context-building/SKILL.md +297 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/COMPLETENESS_CHECKLIST.md +47 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/FUNCTION_MICRO_ANALYSIS_EXAMPLE.md +355 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/OUTPUT_REQUIREMENTS.md +71 -0
- package/skills/security-building-secure-contracts/.claude-plugin/plugin.json +10 -0
- package/skills/security-building-secure-contracts/README.md +241 -0
- package/skills/security-building-secure-contracts/skills/algorand-vulnerability-scanner/SKILL.md +284 -0
- package/skills/security-building-secure-contracts/skills/algorand-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +405 -0
- package/skills/security-building-secure-contracts/skills/audit-prep-assistant/SKILL.md +409 -0
- package/skills/security-building-secure-contracts/skills/cairo-vulnerability-scanner/SKILL.md +329 -0
- package/skills/security-building-secure-contracts/skills/cairo-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +722 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/SKILL.md +218 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/ASSESSMENT_CRITERIA.md +355 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/EXAMPLE_REPORT.md +248 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/REPORT_FORMAT.md +33 -0
- package/skills/security-building-secure-contracts/skills/cosmos-vulnerability-scanner/SKILL.md +334 -0
- package/skills/security-building-secure-contracts/skills/cosmos-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +740 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/SKILL.md +252 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/ASSESSMENT_AREAS.md +329 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/DELIVERABLES.md +118 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/EXAMPLE_REPORT.md +298 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/SKILL.md +161 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/resources/EXAMPLE_REPORT.md +279 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/resources/WORKFLOW_STEPS.md +132 -0
- package/skills/security-building-secure-contracts/skills/solana-vulnerability-scanner/SKILL.md +389 -0
- package/skills/security-building-secure-contracts/skills/solana-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +669 -0
- package/skills/security-building-secure-contracts/skills/substrate-vulnerability-scanner/SKILL.md +298 -0
- package/skills/security-building-secure-contracts/skills/substrate-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +791 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/SKILL.md +362 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/resources/ASSESSMENT_CATEGORIES.md +571 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/resources/REPORT_TEMPLATES.md +141 -0
- package/skills/security-building-secure-contracts/skills/ton-vulnerability-scanner/SKILL.md +388 -0
- package/skills/security-building-secure-contracts/skills/ton-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +595 -0
- package/skills/security-burpsuite-project-parser/.claude-plugin/plugin.json +10 -0
- package/skills/security-burpsuite-project-parser/README.md +103 -0
- package/skills/security-burpsuite-project-parser/commands/burp-search.md +18 -0
- package/skills/security-burpsuite-project-parser/skills/SKILL.md +358 -0
- package/skills/security-burpsuite-project-parser/skills/scripts/burp-search.sh +99 -0
- package/skills/security-claude-in-chrome-troubleshooting/.claude-plugin/plugin.json +8 -0
- package/skills/security-claude-in-chrome-troubleshooting/README.md +31 -0
- package/skills/security-claude-in-chrome-troubleshooting/skills/claude-in-chrome-troubleshooting/SKILL.md +251 -0
- package/skills/security-constant-time-analysis/.claude-plugin/plugin.json +9 -0
- package/skills/security-constant-time-analysis/README.md +381 -0
- package/skills/security-constant-time-analysis/commands/ct-check.md +20 -0
- package/skills/security-constant-time-analysis/ct_analyzer/__init__.py +49 -0
- package/skills/security-constant-time-analysis/ct_analyzer/analyzer.py +1284 -0
- package/skills/security-constant-time-analysis/ct_analyzer/script_analyzers.py +3081 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/__init__.py +1 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_analyzer.py +1397 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/bn_excerpt.js +205 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_constant_time.c +181 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.c +74 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.go +78 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.rs +92 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.cs +174 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.java +161 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.kt +181 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.php +140 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.py +252 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.rb +188 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.swift +199 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.ts +154 -0
- package/skills/security-constant-time-analysis/pyproject.toml +52 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/README.md +90 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/SKILL.md +219 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/compiled.md +129 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/javascript.md +136 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/kotlin.md +252 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/php.md +172 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/python.md +179 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/ruby.md +198 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/swift.md +288 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/vm-compiled.md +354 -0
- package/skills/security-constant-time-analysis/uv.lock +8 -0
- package/skills/security-culture-index/.claude-plugin/plugin.json +8 -0
- package/skills/security-culture-index/README.md +79 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/SKILL.md +293 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/anti-patterns.md +255 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/conversation-starters.md +408 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/interview-trait-signals.md +253 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/motivators.md +158 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/patterns-archetypes.md +147 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/primary-traits.md +307 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/secondary-traits.md +228 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/team-composition.md +148 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/check_deps.py +108 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/__init__.py +20 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/constants.py +122 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/extract.py +187 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/models.py +16 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/opencv_extractor.py +520 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/extract_pdf.py +237 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/pyproject.toml +18 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/burnout-report.md +113 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/comparison-report.md +103 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/hiring-profile.md +127 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/individual-report.md +85 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/predicted-profile.md +165 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/team-report.md +109 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/analyze-team.md +188 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/coach-manager.md +267 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/compare-profiles.md +188 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/define-hiring-profile.md +220 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/detect-burnout.md +206 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/extract-from-pdf.md +121 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/interpret-individual.md +183 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/interview-debrief.md +234 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/mediate-conflict.md +306 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/plan-onboarding.md +322 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/predict-from-interview.md +250 -0
- package/skills/security-differential-review/.claude-plugin/plugin.json +10 -0
- package/skills/security-differential-review/README.md +109 -0
- package/skills/security-differential-review/commands/diff-review.md +21 -0
- package/skills/security-differential-review/skills/differential-review/SKILL.md +220 -0
- package/skills/security-differential-review/skills/differential-review/adversarial.md +203 -0
- package/skills/security-differential-review/skills/differential-review/methodology.md +234 -0
- package/skills/security-differential-review/skills/differential-review/patterns.md +300 -0
- package/skills/security-differential-review/skills/differential-review/reporting.md +369 -0
- package/skills/security-dwarf-expert/.claude-plugin/plugin.json +10 -0
- package/skills/security-dwarf-expert/README.md +38 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/SKILL.md +93 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/coding.md +31 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/dwarfdump.md +50 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/readelf.md +8 -0
- package/skills/security-entry-point-analyzer/.claude-plugin/plugin.json +10 -0
- package/skills/security-entry-point-analyzer/README.md +74 -0
- package/skills/security-entry-point-analyzer/commands/entry-points.md +18 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/SKILL.md +251 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/cosmwasm.md +182 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/move-aptos.md +107 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/move-sui.md +87 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solana.md +155 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solidity.md +135 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/ton.md +185 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/vyper.md +141 -0
- package/skills/security-firebase-apk-scanner/.claude-plugin/plugin.json +10 -0
- package/skills/security-firebase-apk-scanner/README.md +85 -0
- package/skills/security-firebase-apk-scanner/commands/scan-apk.md +18 -0
- package/skills/security-firebase-apk-scanner/scanner.sh +1408 -0
- package/skills/security-firebase-apk-scanner/skills/firebase-apk-scanner/SKILL.md +197 -0
- package/skills/security-firebase-apk-scanner/skills/firebase-apk-scanner/references/vulnerabilities.md +803 -0
- package/skills/security-fix-review/.claude-plugin/plugin.json +13 -0
- package/skills/security-fix-review/README.md +118 -0
- package/skills/security-fix-review/commands/fix-review.md +24 -0
- package/skills/security-fix-review/skills/fix-review/SKILL.md +264 -0
- package/skills/security-fix-review/skills/fix-review/references/bug-detection.md +408 -0
- package/skills/security-fix-review/skills/fix-review/references/finding-matching.md +298 -0
- package/skills/security-fix-review/skills/fix-review/references/report-parsing.md +398 -0
- package/skills/security-insecure-defaults/.claude-plugin/plugin.json +10 -0
- package/skills/security-insecure-defaults/README.md +45 -0
- package/skills/security-insecure-defaults/skills/insecure-defaults/SKILL.md +117 -0
- package/skills/security-insecure-defaults/skills/insecure-defaults/references/examples.md +409 -0
- package/skills/security-modern-python/.claude-plugin/plugin.json +10 -0
- package/skills/security-modern-python/README.md +58 -0
- package/skills/security-modern-python/hooks/hooks.json +16 -0
- package/skills/security-modern-python/hooks/intercept-legacy-python.bats +388 -0
- package/skills/security-modern-python/hooks/intercept-legacy-python.sh +109 -0
- package/skills/security-modern-python/hooks/test_helper.bash +75 -0
- package/skills/security-modern-python/skills/modern-python/SKILL.md +333 -0
- package/skills/security-modern-python/skills/modern-python/references/dependabot.md +43 -0
- package/skills/security-modern-python/skills/modern-python/references/migration-checklist.md +141 -0
- package/skills/security-modern-python/skills/modern-python/references/pep723-scripts.md +259 -0
- package/skills/security-modern-python/skills/modern-python/references/prek.md +211 -0
- package/skills/security-modern-python/skills/modern-python/references/pyproject.md +254 -0
- package/skills/security-modern-python/skills/modern-python/references/ruff-config.md +240 -0
- package/skills/security-modern-python/skills/modern-python/references/security-setup.md +255 -0
- package/skills/security-modern-python/skills/modern-python/references/testing.md +284 -0
- package/skills/security-modern-python/skills/modern-python/references/uv-commands.md +200 -0
- package/skills/security-modern-python/skills/modern-python/templates/dependabot.yml +36 -0
- package/skills/security-modern-python/skills/modern-python/templates/pre-commit-config.yaml +66 -0
- package/skills/security-property-based-testing/.claude-plugin/plugin.json +9 -0
- package/skills/security-property-based-testing/README.md +47 -0
- package/skills/security-property-based-testing/skills/property-based-testing/README.md +88 -0
- package/skills/security-property-based-testing/skills/property-based-testing/SKILL.md +109 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/design.md +191 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/generating.md +200 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/libraries.md +130 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/refactoring.md +181 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/reviewing.md +209 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/strategies.md +124 -0
- package/skills/semgrep-rule-creator/.claude-plugin/plugin.json +8 -0
- package/skills/semgrep-rule-creator/README.md +43 -0
- package/skills/semgrep-rule-creator/commands/semgrep-rule.md +26 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/SKILL.md +168 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/references/quick-reference.md +203 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/references/workflow.md +240 -0
- package/skills/semgrep-rule-variant-creator/.claude-plugin/plugin.json +9 -0
- package/skills/semgrep-rule-variant-creator/README.md +86 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/SKILL.md +205 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/applicability-analysis.md +250 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/language-syntax-guide.md +324 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/workflow.md +518 -0
- package/skills/session-logs/SKILL.md +115 -0
- package/skills/sharp-edges/.claude-plugin/plugin.json +10 -0
- package/skills/sharp-edges/README.md +48 -0
- package/skills/sharp-edges/skills/sharp-edges/SKILL.md +292 -0
- package/skills/sharp-edges/skills/sharp-edges/references/auth-patterns.md +252 -0
- package/skills/sharp-edges/skills/sharp-edges/references/case-studies.md +274 -0
- package/skills/sharp-edges/skills/sharp-edges/references/config-patterns.md +333 -0
- package/skills/sharp-edges/skills/sharp-edges/references/crypto-apis.md +190 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-c.md +205 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-csharp.md +285 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-go.md +270 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-java.md +263 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-javascript.md +269 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-kotlin.md +265 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-php.md +245 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-python.md +274 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-ruby.md +273 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-rust.md +272 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-swift.md +287 -0
- package/skills/sharp-edges/skills/sharp-edges/references/language-specific.md +588 -0
- package/skills/sherpa-onnx-tts/SKILL.md +103 -0
- package/skills/sherpa-onnx-tts/bin/sherpa-onnx-tts +178 -0
- package/skills/skill-creator/SKILL.md +370 -0
- package/skills/skill-creator/license.txt +202 -0
- package/skills/skill-creator/scripts/init_skill.py +378 -0
- package/skills/skill-creator/scripts/package_skill.py +111 -0
- package/skills/skill-creator/scripts/quick_validate.py +101 -0
- package/skills/slack/SKILL.md +144 -0
- package/skills/songsee/SKILL.md +49 -0
- package/skills/sonoscli/SKILL.md +46 -0
- package/skills/spec-to-code-compliance/.claude-plugin/plugin.json +10 -0
- package/skills/spec-to-code-compliance/README.md +67 -0
- package/skills/spec-to-code-compliance/commands/spec-compliance.md +22 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/SKILL.md +349 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/COMPLETENESS_CHECKLIST.md +69 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/IR_EXAMPLES.md +417 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/OUTPUT_REQUIREMENTS.md +105 -0
- package/skills/spotify-player/SKILL.md +64 -0
- package/skills/static-analysis/.claude-plugin/plugin.json +8 -0
- package/skills/static-analysis/README.md +59 -0
- package/skills/static-analysis/skills/codeql/SKILL.md +315 -0
- package/skills/static-analysis/skills/sarif-parsing/SKILL.md +479 -0
- package/skills/static-analysis/skills/sarif-parsing/resources/jq-queries.md +162 -0
- package/skills/static-analysis/skills/sarif-parsing/resources/sarif_helpers.py +331 -0
- package/skills/static-analysis/skills/semgrep/SKILL.md +337 -0
- package/skills/summarize/SKILL.md +87 -0
- package/skills/testing-handbook-skills/.claude-plugin/plugin.json +8 -0
- package/skills/testing-handbook-skills/README.md +241 -0
- package/skills/testing-handbook-skills/scripts/pyproject.toml +8 -0
- package/skills/testing-handbook-skills/scripts/validate-skills.py +657 -0
- package/skills/testing-handbook-skills/skills/address-sanitizer/SKILL.md +341 -0
- package/skills/testing-handbook-skills/skills/aflpp/SKILL.md +640 -0
- package/skills/testing-handbook-skills/skills/atheris/SKILL.md +515 -0
- package/skills/testing-handbook-skills/skills/cargo-fuzz/SKILL.md +454 -0
- package/skills/testing-handbook-skills/skills/codeql/SKILL.md +549 -0
- package/skills/testing-handbook-skills/skills/constant-time-testing/SKILL.md +507 -0
- package/skills/testing-handbook-skills/skills/coverage-analysis/SKILL.md +607 -0
- package/skills/testing-handbook-skills/skills/fuzzing-dictionary/SKILL.md +297 -0
- package/skills/testing-handbook-skills/skills/fuzzing-obstacles/SKILL.md +426 -0
- package/skills/testing-handbook-skills/skills/harness-writing/SKILL.md +614 -0
- package/skills/testing-handbook-skills/skills/libafl/SKILL.md +625 -0
- package/skills/testing-handbook-skills/skills/libfuzzer/SKILL.md +795 -0
- package/skills/testing-handbook-skills/skills/ossfuzz/SKILL.md +426 -0
- package/skills/testing-handbook-skills/skills/ruzzy/SKILL.md +443 -0
- package/skills/testing-handbook-skills/skills/semgrep/SKILL.md +601 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/SKILL.md +372 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/agent-prompt.md +280 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/discovery.md +452 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/domain-skill.md +504 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/fuzzer-skill.md +454 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/technique-skill.md +527 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/tool-skill.md +366 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/testing.md +482 -0
- package/skills/testing-handbook-skills/skills/wycheproof/SKILL.md +533 -0
- package/skills/things-mac/SKILL.md +86 -0
- package/skills/tmux/SKILL.md +135 -0
- package/skills/tmux/scripts/find-sessions.sh +112 -0
- package/skills/tmux/scripts/wait-for-text.sh +83 -0
- package/skills/trello/SKILL.md +95 -0
- package/skills/variant-analysis/.claude-plugin/plugin.json +8 -0
- package/skills/variant-analysis/README.md +41 -0
- package/skills/variant-analysis/commands/variants.md +23 -0
- package/skills/variant-analysis/skills/variant-analysis/METHODOLOGY.md +327 -0
- package/skills/variant-analysis/skills/variant-analysis/SKILL.md +142 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/cpp.ql +119 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/go.ql +69 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/java.ql +71 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/javascript.ql +63 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/python.ql +80 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/cpp.yaml +98 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/go.yaml +63 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/java.yaml +61 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/javascript.yaml +60 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/python.yaml +72 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/variant-report-template.md +75 -0
- package/skills/video-frames/SKILL.md +46 -0
- package/skills/video-frames/scripts/frame.sh +81 -0
- package/skills/voice-call/SKILL.md +45 -0
- package/skills/wacli/SKILL.md +72 -0
- package/skills/weather/SKILL.md +54 -0
- package/skills/yara-authoring/.claude-plugin/plugin.json +9 -0
- package/skills/yara-authoring/README.md +131 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/SKILL.md +645 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_Mac_ProtonRAT_Jan25.yar +99 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_NPM_SupplyChain_Jan25.yar +170 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_Win_Remcos_Jan25.yar +103 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/SUSP_CRX_SuspiciousPermissions.yar +134 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/SUSP_JS_Obfuscation_Jan25.yar +185 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/crx-module.md +214 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/dex-module.md +383 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/performance.md +333 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/strings.md +433 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/style-guide.md +257 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/testing.md +399 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/atom_analyzer.py +526 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/pyproject.toml +25 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/yara_lint.py +631 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/workflows/rule-development.md +493 -0
|
@@ -0,0 +1,527 @@
|
|
|
1
|
+
# Technique Skill Template
|
|
2
|
+
|
|
3
|
+
Use this template for cross-cutting techniques that apply to multiple tools (harness writing, coverage analysis, sanitizers, dictionaries, etc.).
|
|
4
|
+
|
|
5
|
+
## Template Structure
|
|
6
|
+
|
|
7
|
+
```markdown
|
|
8
|
+
---
|
|
9
|
+
name: {technique-name-lowercase}
|
|
10
|
+
type: technique
|
|
11
|
+
description: >
|
|
12
|
+
{Summary of what this technique does}. Use when {trigger conditions}.
|
|
13
|
+
---
|
|
14
|
+
|
|
15
|
+
# {Technique Name}
|
|
16
|
+
|
|
17
|
+
{Brief introduction - what this technique is and why it matters}
|
|
18
|
+
|
|
19
|
+
## Overview
|
|
20
|
+
|
|
21
|
+
{High-level explanation of the technique}
|
|
22
|
+
|
|
23
|
+
### Key Concepts
|
|
24
|
+
|
|
25
|
+
| Concept | Description |
|
|
26
|
+
|---------|-------------|
|
|
27
|
+
| {Concept 1} | {Brief explanation} |
|
|
28
|
+
| {Concept 2} | {Brief explanation} |
|
|
29
|
+
|
|
30
|
+
## When to Apply
|
|
31
|
+
|
|
32
|
+
**Apply this technique when:**
|
|
33
|
+
- {Trigger 1}
|
|
34
|
+
- {Trigger 2}
|
|
35
|
+
- {Trigger 3}
|
|
36
|
+
|
|
37
|
+
**Skip this technique when:**
|
|
38
|
+
- {Skip condition 1}
|
|
39
|
+
- {Skip condition 2}
|
|
40
|
+
|
|
41
|
+
## Quick Reference
|
|
42
|
+
|
|
43
|
+
{Essential commands or patterns in one place}
|
|
44
|
+
|
|
45
|
+
| Task | Command/Pattern |
|
|
46
|
+
|------|-----------------|
|
|
47
|
+
| {Task 1} | `{command or pattern}` |
|
|
48
|
+
| {Task 2} | `{command or pattern}` |
|
|
49
|
+
| {Task 3} | `{command or pattern}` |
|
|
50
|
+
|
|
51
|
+
## Step-by-Step
|
|
52
|
+
|
|
53
|
+
{Detailed workflow for applying this technique}
|
|
54
|
+
|
|
55
|
+
### Step 1: {First Step}
|
|
56
|
+
|
|
57
|
+
{Instructions with code examples}
|
|
58
|
+
|
|
59
|
+
\```{language}
|
|
60
|
+
{Example code}
|
|
61
|
+
\```
|
|
62
|
+
|
|
63
|
+
### Step 2: {Second Step}
|
|
64
|
+
|
|
65
|
+
{Instructions}
|
|
66
|
+
|
|
67
|
+
### Step 3: {Third Step}
|
|
68
|
+
|
|
69
|
+
{Instructions}
|
|
70
|
+
|
|
71
|
+
## Common Patterns
|
|
72
|
+
|
|
73
|
+
{Code patterns that demonstrate this technique}
|
|
74
|
+
|
|
75
|
+
### Pattern: {Pattern Name 1}
|
|
76
|
+
|
|
77
|
+
**Use Case:** {When to use this pattern}
|
|
78
|
+
|
|
79
|
+
**Before:**
|
|
80
|
+
\```{language}
|
|
81
|
+
{Code before applying technique}
|
|
82
|
+
\```
|
|
83
|
+
|
|
84
|
+
**After:**
|
|
85
|
+
\```{language}
|
|
86
|
+
{Code after applying technique}
|
|
87
|
+
\```
|
|
88
|
+
|
|
89
|
+
### Pattern: {Pattern Name 2}
|
|
90
|
+
|
|
91
|
+
**Use Case:** {When to use this pattern}
|
|
92
|
+
|
|
93
|
+
**Before:**
|
|
94
|
+
\```{language}
|
|
95
|
+
{Code before}
|
|
96
|
+
\```
|
|
97
|
+
|
|
98
|
+
**After:**
|
|
99
|
+
\```{language}
|
|
100
|
+
{Code after}
|
|
101
|
+
\```
|
|
102
|
+
|
|
103
|
+
## Advanced Usage
|
|
104
|
+
|
|
105
|
+
### Tips and Tricks
|
|
106
|
+
|
|
107
|
+
{Practical tips from experienced practitioners}
|
|
108
|
+
|
|
109
|
+
| Tip | Why It Helps |
|
|
110
|
+
|-----|--------------|
|
|
111
|
+
| {Tip 1} | {Explanation} |
|
|
112
|
+
| {Tip 2} | {Explanation} |
|
|
113
|
+
| {Tip 3} | {Explanation} |
|
|
114
|
+
|
|
115
|
+
### {Advanced Topic 1}
|
|
116
|
+
|
|
117
|
+
{Details}
|
|
118
|
+
|
|
119
|
+
### {Advanced Topic 2}
|
|
120
|
+
|
|
121
|
+
{Details}
|
|
122
|
+
|
|
123
|
+
## Anti-Patterns
|
|
124
|
+
|
|
125
|
+
{What NOT to do}
|
|
126
|
+
|
|
127
|
+
| Anti-Pattern | Problem | Correct Approach |
|
|
128
|
+
|--------------|---------|------------------|
|
|
129
|
+
| {Bad practice 1} | {Why it's bad} | {What to do instead} |
|
|
130
|
+
| {Bad practice 2} | {Why it's bad} | {What to do instead} |
|
|
131
|
+
| {Bad practice 3} | {Why it's bad} | {What to do instead} |
|
|
132
|
+
|
|
133
|
+
## Tool-Specific Guidance
|
|
134
|
+
|
|
135
|
+
{How this technique applies to specific fuzzers/tools - this is KEY for discoverability}
|
|
136
|
+
|
|
137
|
+
### libFuzzer
|
|
138
|
+
|
|
139
|
+
{Specific guidance for libFuzzer}
|
|
140
|
+
|
|
141
|
+
\```bash
|
|
142
|
+
{libFuzzer-specific command}
|
|
143
|
+
\```
|
|
144
|
+
|
|
145
|
+
**Integration tips:**
|
|
146
|
+
- {Tip specific to libFuzzer}
|
|
147
|
+
- {Tip specific to libFuzzer}
|
|
148
|
+
|
|
149
|
+
### AFL++
|
|
150
|
+
|
|
151
|
+
{Specific guidance for AFL++}
|
|
152
|
+
|
|
153
|
+
\```bash
|
|
154
|
+
{AFL++-specific command}
|
|
155
|
+
\```
|
|
156
|
+
|
|
157
|
+
**Integration tips:**
|
|
158
|
+
- {Tip specific to AFL++}
|
|
159
|
+
- {Tip specific to AFL++}
|
|
160
|
+
|
|
161
|
+
### cargo-fuzz (Rust)
|
|
162
|
+
|
|
163
|
+
{Specific guidance for Rust fuzzing}
|
|
164
|
+
|
|
165
|
+
\```bash
|
|
166
|
+
{cargo-fuzz command}
|
|
167
|
+
\```
|
|
168
|
+
|
|
169
|
+
**Integration tips:**
|
|
170
|
+
- {Tip specific to cargo-fuzz}
|
|
171
|
+
|
|
172
|
+
### go-fuzz (Go)
|
|
173
|
+
|
|
174
|
+
{Specific guidance for Go fuzzing}
|
|
175
|
+
|
|
176
|
+
\```bash
|
|
177
|
+
{go-fuzz command}
|
|
178
|
+
\```
|
|
179
|
+
|
|
180
|
+
### {Other Tool}
|
|
181
|
+
|
|
182
|
+
{Add sections for other relevant tools from handbook}
|
|
183
|
+
|
|
184
|
+
## Troubleshooting
|
|
185
|
+
|
|
186
|
+
| Issue | Cause | Solution |
|
|
187
|
+
|-------|-------|----------|
|
|
188
|
+
| {Issue 1} | {Cause} | {Fix} |
|
|
189
|
+
| {Issue 2} | {Cause} | {Fix} |
|
|
190
|
+
| {Issue 3} | {Cause} | {Fix} |
|
|
191
|
+
|
|
192
|
+
## Related Skills
|
|
193
|
+
|
|
194
|
+
{Links to tools and other techniques - bidirectional references}
|
|
195
|
+
|
|
196
|
+
### Tools That Use This Technique
|
|
197
|
+
|
|
198
|
+
| Skill | How It Applies |
|
|
199
|
+
|-------|----------------|
|
|
200
|
+
| **{fuzzer-skill-1}** | {How this technique is used with this fuzzer} |
|
|
201
|
+
| **{fuzzer-skill-2}** | {How this technique is used with this fuzzer} |
|
|
202
|
+
| **{tool-skill-1}** | {How this technique applies to this tool} |
|
|
203
|
+
|
|
204
|
+
### Related Techniques
|
|
205
|
+
|
|
206
|
+
| Skill | Relationship |
|
|
207
|
+
|-------|--------------|
|
|
208
|
+
| **{technique-skill-1}** | {How they work together - e.g., "Use coverage to identify where harness improvements are needed"} |
|
|
209
|
+
| **{technique-skill-2}** | {Complementary relationship} |
|
|
210
|
+
|
|
211
|
+
## Resources
|
|
212
|
+
|
|
213
|
+
### Key External Resources
|
|
214
|
+
|
|
215
|
+
{For each non-video URL: fetch with WebFetch, summarize key insights}
|
|
216
|
+
|
|
217
|
+
**[{Title 1}]({URL})**
|
|
218
|
+
{Summarized insights from fetched content}
|
|
219
|
+
|
|
220
|
+
### Video Resources
|
|
221
|
+
|
|
222
|
+
{Videos - title and URL only, no fetching}
|
|
223
|
+
|
|
224
|
+
- [{Video Title}]({YouTube/Vimeo URL}) - {Brief description}
|
|
225
|
+
```
|
|
226
|
+
|
|
227
|
+
## Field Extraction Guide
|
|
228
|
+
|
|
229
|
+
| Template Field | Handbook Source |
|
|
230
|
+
|----------------|-----------------|
|
|
231
|
+
| `{technique-name-lowercase}` | Slugified from directory/title |
|
|
232
|
+
| `{Summary}` | From `_index.md` frontmatter or intro |
|
|
233
|
+
| Key Concepts | Extract definitions from handbook |
|
|
234
|
+
| Step-by-Step | Main workflow from handbook |
|
|
235
|
+
| Common Patterns | Code examples from handbook |
|
|
236
|
+
| Tool Integration | From tool-specific subsections |
|
|
237
|
+
| Related Skills | Map to fuzzer and tool skills |
|
|
238
|
+
|
|
239
|
+
## Tool-Specific Section Guide
|
|
240
|
+
|
|
241
|
+
Include tool-specific guidance for tools covered in the handbook:
|
|
242
|
+
|
|
243
|
+
| Language | Tools to Include |
|
|
244
|
+
|----------|------------------|
|
|
245
|
+
| C/C++ | libFuzzer, AFL++, honggfuzz |
|
|
246
|
+
| Rust | cargo-fuzz, libFuzzer |
|
|
247
|
+
| Go | go-fuzz, native fuzzing |
|
|
248
|
+
| Python | Atheris, Hypothesis |
|
|
249
|
+
| JavaScript | jsfuzz |
|
|
250
|
+
|
|
251
|
+
## Related Skills Mapping
|
|
252
|
+
|
|
253
|
+
When generating a technique skill, create bidirectional links:
|
|
254
|
+
|
|
255
|
+
| If Technique Is About | Link To These Skills |
|
|
256
|
+
|-----------------------|---------------------|
|
|
257
|
+
| Harness writing | All fuzzer skills that use harnesses |
|
|
258
|
+
| Sanitizers | All fuzzer skills (they all use sanitizers) |
|
|
259
|
+
| Coverage | Fuzzer skills, static analysis tools |
|
|
260
|
+
| Corpus/dictionaries | All fuzzer skills |
|
|
261
|
+
|
|
262
|
+
## Example: Writing Fuzzing Harnesses
|
|
263
|
+
|
|
264
|
+
```markdown
|
|
265
|
+
---
|
|
266
|
+
name: fuzz-harness-writing
|
|
267
|
+
type: technique
|
|
268
|
+
description: >
|
|
269
|
+
Techniques for writing effective fuzzing harnesses. Use when creating
|
|
270
|
+
new fuzz targets or improving existing harness code.
|
|
271
|
+
---
|
|
272
|
+
|
|
273
|
+
# Writing Fuzzing Harnesses
|
|
274
|
+
|
|
275
|
+
A harness is the entrypoint for your fuzz test. The fuzzer calls this function
|
|
276
|
+
with random data, and the harness routes that data to your code under test.
|
|
277
|
+
|
|
278
|
+
## Overview
|
|
279
|
+
|
|
280
|
+
### Key Concepts
|
|
281
|
+
|
|
282
|
+
| Concept | Description |
|
|
283
|
+
|---------|-------------|
|
|
284
|
+
| Harness | Function that receives fuzzer input and calls target code |
|
|
285
|
+
| SUT | System Under Test - the code being fuzzed |
|
|
286
|
+
| Entry point | Function signature required by the fuzzer |
|
|
287
|
+
|
|
288
|
+
## When to Apply
|
|
289
|
+
|
|
290
|
+
**Apply this technique when:**
|
|
291
|
+
- Creating a new fuzz target
|
|
292
|
+
- Fuzz campaign has low coverage
|
|
293
|
+
- Crashes are not reproducible
|
|
294
|
+
|
|
295
|
+
**Skip this technique when:**
|
|
296
|
+
- Using existing well-tested harnesses
|
|
297
|
+
- Tool provides automatic harness generation
|
|
298
|
+
|
|
299
|
+
## Quick Reference
|
|
300
|
+
|
|
301
|
+
| Task | Pattern |
|
|
302
|
+
|------|---------|
|
|
303
|
+
| Minimal C++ harness | `extern "C" int LLVMFuzzerTestOneInput(const uint8_t*, size_t)` |
|
|
304
|
+
| Minimal Rust harness | `fuzz_target!(|data: &[u8]| { ... })` |
|
|
305
|
+
| Minimal Go harness | `func Fuzz(data []byte) int { ... }` |
|
|
306
|
+
| Size validation | `if (size < MIN) return 0;` |
|
|
307
|
+
|
|
308
|
+
## Step-by-Step
|
|
309
|
+
|
|
310
|
+
### Step 1: Identify Entry Points
|
|
311
|
+
|
|
312
|
+
Find functions that:
|
|
313
|
+
- Accept external input
|
|
314
|
+
- Parse data formats
|
|
315
|
+
- Perform validation
|
|
316
|
+
|
|
317
|
+
### Step 2: Write Minimal Harness
|
|
318
|
+
|
|
319
|
+
\```c++
|
|
320
|
+
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
|
321
|
+
target_function(data, size);
|
|
322
|
+
return 0;
|
|
323
|
+
}
|
|
324
|
+
\```
|
|
325
|
+
|
|
326
|
+
### Step 3: Add Input Validation
|
|
327
|
+
|
|
328
|
+
\```c++
|
|
329
|
+
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
|
330
|
+
if (size < MIN_SIZE || size > MAX_SIZE) return 0;
|
|
331
|
+
target_function(data, size);
|
|
332
|
+
return 0;
|
|
333
|
+
}
|
|
334
|
+
\```
|
|
335
|
+
|
|
336
|
+
## Common Patterns
|
|
337
|
+
|
|
338
|
+
### Pattern: Size-Bounded Input
|
|
339
|
+
|
|
340
|
+
**Use Case:** When target expects minimum input size
|
|
341
|
+
|
|
342
|
+
**Before:**
|
|
343
|
+
\```c++
|
|
344
|
+
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
|
345
|
+
parse_message(data, size); // May crash on tiny inputs
|
|
346
|
+
return 0;
|
|
347
|
+
}
|
|
348
|
+
\```
|
|
349
|
+
|
|
350
|
+
**After:**
|
|
351
|
+
\```c++
|
|
352
|
+
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
|
353
|
+
if (size < sizeof(header_t)) return 0; // Skip invalid sizes
|
|
354
|
+
parse_message(data, size);
|
|
355
|
+
return 0;
|
|
356
|
+
}
|
|
357
|
+
\```
|
|
358
|
+
|
|
359
|
+
## Advanced Usage
|
|
360
|
+
|
|
361
|
+
### Tips and Tricks
|
|
362
|
+
|
|
363
|
+
| Tip | Why It Helps |
|
|
364
|
+
|-----|--------------|
|
|
365
|
+
| Start with parsers | High bug density, clear entry points |
|
|
366
|
+
| Use FuzzedDataProvider | Structured data extraction from fuzz input |
|
|
367
|
+
| Mock I/O operations | Prevents hangs, enables determinism |
|
|
368
|
+
|
|
369
|
+
### Structure-Aware Fuzzing
|
|
370
|
+
|
|
371
|
+
{How to use proto definitions, grammars, etc.}
|
|
372
|
+
|
|
373
|
+
## Anti-Patterns
|
|
374
|
+
|
|
375
|
+
| Anti-Pattern | Problem | Correct Approach |
|
|
376
|
+
|--------------|---------|------------------|
|
|
377
|
+
| Global state | Non-deterministic | Reset state in harness |
|
|
378
|
+
| Blocking I/O | Hangs fuzzer | Mock or skip I/O |
|
|
379
|
+
| Memory leaks | Resource exhaustion | Free in harness |
|
|
380
|
+
|
|
381
|
+
## Tool-Specific Guidance
|
|
382
|
+
|
|
383
|
+
### libFuzzer
|
|
384
|
+
|
|
385
|
+
\```c++
|
|
386
|
+
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
|
|
387
|
+
// Your code here
|
|
388
|
+
return 0;
|
|
389
|
+
}
|
|
390
|
+
\```
|
|
391
|
+
|
|
392
|
+
**Integration tips:**
|
|
393
|
+
- Use `FuzzedDataProvider` for structured extraction
|
|
394
|
+
- Compile with `-fsanitize=fuzzer`
|
|
395
|
+
|
|
396
|
+
### AFL++
|
|
397
|
+
|
|
398
|
+
\```c++
|
|
399
|
+
int main(int argc, char **argv) {
|
|
400
|
+
#ifdef __AFL_HAVE_MANUAL_CONTROL
|
|
401
|
+
__AFL_INIT();
|
|
402
|
+
#endif
|
|
403
|
+
|
|
404
|
+
unsigned char *buf = NULL;
|
|
405
|
+
size_t len = 0;
|
|
406
|
+
while (__AFL_LOOP(10000)) {
|
|
407
|
+
// Read from stdin, call target
|
|
408
|
+
}
|
|
409
|
+
return 0;
|
|
410
|
+
}
|
|
411
|
+
\```
|
|
412
|
+
|
|
413
|
+
**Integration tips:**
|
|
414
|
+
- Use persistent mode for performance
|
|
415
|
+
- Consider deferred initialization
|
|
416
|
+
|
|
417
|
+
### cargo-fuzz (Rust)
|
|
418
|
+
|
|
419
|
+
\```rust
|
|
420
|
+
#![no_main]
|
|
421
|
+
use libfuzzer_sys::fuzz_target;
|
|
422
|
+
|
|
423
|
+
fuzz_target!(|data: &[u8]| {
|
|
424
|
+
// Your code here
|
|
425
|
+
});
|
|
426
|
+
\```
|
|
427
|
+
|
|
428
|
+
## Related Skills
|
|
429
|
+
|
|
430
|
+
### Tools That Use This Technique
|
|
431
|
+
|
|
432
|
+
| Skill | How It Applies |
|
|
433
|
+
|-------|----------------|
|
|
434
|
+
| **libfuzzer** | Uses LLVMFuzzerTestOneInput harness signature |
|
|
435
|
+
| **aflpp** | Supports persistent mode harnesses |
|
|
436
|
+
| **cargo-fuzz** | Uses Rust-specific harness macros |
|
|
437
|
+
| **go-fuzz** | Uses Go-specific harness signature |
|
|
438
|
+
|
|
439
|
+
### Related Techniques
|
|
440
|
+
|
|
441
|
+
| Skill | Relationship |
|
|
442
|
+
|-------|--------------|
|
|
443
|
+
| **coverage-analysis** | Measure harness effectiveness |
|
|
444
|
+
| **address-sanitizer** | Detect bugs found by harness |
|
|
445
|
+
| **fuzzing-corpus** | Provide seed inputs to harness |
|
|
446
|
+
|
|
447
|
+
...
|
|
448
|
+
```
|
|
449
|
+
|
|
450
|
+
## Example: AddressSanitizer
|
|
451
|
+
|
|
452
|
+
```markdown
|
|
453
|
+
---
|
|
454
|
+
name: address-sanitizer
|
|
455
|
+
type: technique
|
|
456
|
+
description: >
|
|
457
|
+
Memory error detection for C/C++ fuzzing. Use when fuzzing C/C++ code
|
|
458
|
+
to detect memory corruption bugs like buffer overflows and use-after-free.
|
|
459
|
+
---
|
|
460
|
+
|
|
461
|
+
# AddressSanitizer (ASan)
|
|
462
|
+
|
|
463
|
+
AddressSanitizer is a fast memory error detector for C/C++. It finds buffer
|
|
464
|
+
overflows, use-after-free, and other memory bugs with ~2x slowdown.
|
|
465
|
+
|
|
466
|
+
## Quick Reference
|
|
467
|
+
|
|
468
|
+
| Task | Command |
|
|
469
|
+
|------|---------|
|
|
470
|
+
| Enable ASan (Clang) | `-fsanitize=address` |
|
|
471
|
+
| Enable ASan (GCC) | `-fsanitize=address` |
|
|
472
|
+
| Disable leak detection | `ASAN_OPTIONS=detect_leaks=0` |
|
|
473
|
+
| Increase stack size | `ASAN_OPTIONS=stack_size=...` |
|
|
474
|
+
|
|
475
|
+
## Tool-Specific Guidance
|
|
476
|
+
|
|
477
|
+
### libFuzzer
|
|
478
|
+
|
|
479
|
+
\```bash
|
|
480
|
+
clang++ -fsanitize=fuzzer,address -g harness.cc -o fuzz
|
|
481
|
+
\```
|
|
482
|
+
|
|
483
|
+
**Integration tips:**
|
|
484
|
+
- Always combine with fuzzer sanitizer
|
|
485
|
+
- Use `-g` for better stack traces
|
|
486
|
+
|
|
487
|
+
### AFL++
|
|
488
|
+
|
|
489
|
+
\```bash
|
|
490
|
+
AFL_USE_ASAN=1 afl-clang-fast++ -g harness.cc -o fuzz
|
|
491
|
+
\```
|
|
492
|
+
|
|
493
|
+
**Integration tips:**
|
|
494
|
+
- Use `AFL_USE_ASAN` environment variable
|
|
495
|
+
- Consider memory limits with `AFL_MAP_SIZE`
|
|
496
|
+
|
|
497
|
+
## Related Skills
|
|
498
|
+
|
|
499
|
+
### Tools That Use This Technique
|
|
500
|
+
|
|
501
|
+
| Skill | How It Applies |
|
|
502
|
+
|-------|----------------|
|
|
503
|
+
| **libfuzzer** | Compile with `-fsanitize=fuzzer,address` |
|
|
504
|
+
| **aflpp** | Use `AFL_USE_ASAN=1` |
|
|
505
|
+
| **honggfuzz** | Compile with `-fsanitize=address` |
|
|
506
|
+
|
|
507
|
+
### Related Techniques
|
|
508
|
+
|
|
509
|
+
| Skill | Relationship |
|
|
510
|
+
|-------|--------------|
|
|
511
|
+
| **undefined-behavior-sanitizer** | Often used together for comprehensive detection |
|
|
512
|
+
| **fuzz-harness-writing** | Harness must handle ASan-detected crashes |
|
|
513
|
+
| **coverage-analysis** | Coverage guides fuzzer to trigger ASan errors |
|
|
514
|
+
|
|
515
|
+
...
|
|
516
|
+
```
|
|
517
|
+
|
|
518
|
+
## Notes
|
|
519
|
+
|
|
520
|
+
- Technique skills should be tool-agnostic in overview, tool-specific in guidance
|
|
521
|
+
- ALWAYS include Tool-Specific Guidance section for major tools
|
|
522
|
+
- ALWAYS include Related Skills with bidirectional links
|
|
523
|
+
- Include Tips and Tricks in Advanced Usage section
|
|
524
|
+
- Link to related technique skills
|
|
525
|
+
- Keep under 500 lines
|
|
526
|
+
- Fetch non-video external resources with WebFetch, extract key insights
|
|
527
|
+
- For videos (YouTube, Vimeo): include title/URL only, do not fetch
|