@elizaos/skills 2.0.0-alpha.3

package/skills/security-modern-python/skills/modern-python/references/testing.md

@@ -0,0 +1,284 @@
+# Testing with pytest
+
+Configuration and best practices for pytest with coverage enforcement.
+
+## Setup
+
+Add test dependencies:
+
+```bash
+uv add --group test pytest pytest-cov hypothesis
+```
+
+## pyproject.toml Configuration
+
+```toml
+[tool.pytest]
+testpaths = ["tests"]
+pythonpath = ["src"]
+addopts = [
+    "-ra",                      # Show summary of all test outcomes
+    "--strict-markers",         # Error on unknown markers
+    "--strict-config",          # Error on config issues
+    "--cov=myproject",          # Coverage for package
+    "--cov-report=term-missing", # Show missing lines
+    "--cov-fail-under=80",      # Minimum coverage
+]
+markers = [
+    "slow: marks tests as slow",
+    "integration: marks integration tests",
+]
+filterwarnings = [
+    "error",                    # Treat warnings as errors
+    "ignore::DeprecationWarning:third_party.*",
+]
+
+[tool.coverage.run]
+branch = true
+source = ["src/myproject"]
+omit = [
+    "*/__main__.py",
+    "*/conftest.py",
+]
+
+[tool.coverage.report]
+exclude_lines = [
+    "pragma: no cover",
+    "if TYPE_CHECKING:",
+    "if __name__ == .__main__.:",
+    "raise NotImplementedError",
+    "@abstractmethod",
+]
+fail_under = 80
+show_missing = true
+```
+
+## Project Structure
+
+```
+myproject/
+├── src/
+│   └── myproject/
+│       ├── __init__.py
+│       └── core.py
+├── tests/
+│   ├── __init__.py
+│   ├── conftest.py          # Shared fixtures
+│   ├── test_core.py
+│   └── integration/
+│       └── test_api.py
+└── pyproject.toml
+```
+
+## Running Tests
+
+```bash
+# Run all tests
+uv run pytest
+
+# Run with verbose output
+uv run pytest -v
+
+# Run specific file
+uv run pytest tests/test_core.py
+
+# Run specific test
+uv run pytest tests/test_core.py::test_function_name
+
+# Run tests matching pattern
+uv run pytest -k "test_parse"
+
+# Run marked tests
+uv run pytest -m "not slow"
+
+# Stop on first failure
+uv run pytest -x
+
+# Run last failed
+uv run pytest --lf
+```
+
+## Coverage Commands
+
+```bash
+# Run with coverage
+uv run pytest --cov=myproject
+
+# Generate HTML report
+uv run pytest --cov=myproject --cov-report=html
+open htmlcov/index.html
+
+# Coverage without running tests (use existing data)
+uv run coverage report
+uv run coverage html
+```
+
+## Writing Tests
+
+### Basic Test
+
+```python
+# tests/test_core.py
+from myproject.core import add_numbers
+
+def test_add_numbers():
+    assert add_numbers(2, 3) == 5
+
+def test_add_negative():
+    assert add_numbers(-1, 1) == 0
+```
+
+### Using Fixtures
+
+```python
+# tests/conftest.py
+import pytest
+from myproject.db import Database
+
+@pytest.fixture
+def db():
+    """Provide a test database."""
+    database = Database(":memory:")
+    database.init()
+    yield database
+    database.close()
+
+@pytest.fixture
+def sample_data(db):
+    """Populate database with sample data."""
+    db.insert({"name": "test"})
+    return db
+```
+
+```python
+# tests/test_db.py
+def test_query(sample_data):
+    result = sample_data.query("test")
+    assert result is not None
+```
+
+### Parametrized Tests
+
+```python
+import pytest
+
+@pytest.mark.parametrize("input,expected", [
+    ("hello", 5),
+    ("", 0),
+    ("test", 4),
+])
+def test_string_length(input, expected):
+    assert len(input) == expected
+```
+
+### Testing Exceptions
+
+```python
+import pytest
+from myproject.core import divide
+
+def test_divide_by_zero():
+    with pytest.raises(ZeroDivisionError):
+        divide(1, 0)
+
+def test_divide_by_zero_message():
+    with pytest.raises(ZeroDivisionError, match="division by zero"):
+        divide(1, 0)
+```
+
+### Async Tests
+
+```bash
+uv add --group test pytest-asyncio
+```
+
+```python
+import pytest
+
+@pytest.mark.asyncio
+async def test_async_function():
+    result = await fetch_data()
+    assert result is not None
+```
+
+## Property-Based Testing with Hypothesis
+
+```bash
+uv add --group test hypothesis
+```
+
+```python
+from hypothesis import given, strategies as st
+from myproject.core import reverse_string
+
+@given(st.text())
+def test_reverse_is_reversible(s):
+    assert reverse_string(reverse_string(s)) == s
+
+@given(st.integers(), st.integers())
+def test_add_commutative(a, b):
+    assert add(a, b) == add(b, a)
+```
+
+## Markers
+
+```python
+import pytest
+
+@pytest.mark.slow
+def test_slow_operation():
+    # Long running test
+    pass
+
+@pytest.mark.integration
+def test_api_call():
+    # Requires external service
+    pass
+
+@pytest.mark.skip(reason="Not implemented yet")
+def test_future_feature():
+    pass
+
+@pytest.mark.skipif(sys.platform == "win32", reason="Unix only")
+def test_unix_feature():
+    pass
+```
+
+## CI Configuration
+
+```yaml
+# GitHub Actions
+- name: Checkout
+  uses: actions/checkout@<sha>  # <latest> https://github.com/actions/checkout/releases
+
+- name: Run tests
+  run: |
+    uv sync --group test
+    uv run pytest --cov-report=xml
+
+- name: Security audit
+  run: |
+    uv sync --group audit
+    uv run pip-audit
+
+- name: Upload coverage
+  uses: codecov/codecov-action@<sha>  # <latest> https://github.com/codecov/codecov-action/releases
+  with:
+    files: ./coverage.xml
+```
+
+## Makefile Target
+
+```makefile
+.PHONY: test
+
+test:
+	uv run pytest
+
+test-cov:
+	uv run pytest --cov-report=html
+	open htmlcov/index.html
+
+test-fast:
+	uv run pytest -x -q --no-cov
+```

package/skills/security-modern-python/skills/modern-python/references/uv-commands.md

@@ -0,0 +1,200 @@
+# uv Command Reference
+
+`uv` is an extremely fast Python package and project manager written in Rust. It replaces pip, virtualenv, pip-tools, pipx, and pyenv.
+
+**Key principle:** Always use `uv run` to execute commands. Never manually activate virtual environments.
+
+## Installation
+
+```bash
+# macOS/Linux
+curl -LsSf https://astral.sh/uv/install.sh | sh
+
+# Windows
+powershell -ExecutionPolicy ByPass -c "irm https://astral.sh/uv/install.ps1 | iex"
+
+# Homebrew
+brew install uv
+
+# pipx
+pipx install uv
+```
+
+## Project Commands
+
+### Initialize Projects
+
+| Command | Description |
+|---------|-------------|
+| `uv init` | Create new project (application) |
+| `uv init --package` | Create distributable package with src/ layout |
+| `uv init --lib` | Create library package |
+| `uv init --script file.py` | Create script with PEP 723 metadata |
+
+### Dependency Management
+
+| Command | Description |
+|---------|-------------|
+| `uv add <pkg>` | Add dependency to project |
+| `uv add <pkg> --group dev` | Add to dependency group |
+| `uv add <pkg> --optional feature` | Add to optional dependency |
+| `uv remove <pkg>` | Remove dependency |
+| `uv lock` | Update lock file without installing |
+
+### Environment Management
+
+uv manages virtual environments automatically. Do not manually create or activate venvs.
+
+| Command | Description |
+|---------|-------------|
+| `uv sync` | Install dependencies (creates venv if needed) |
+| `uv sync --all-groups` | Install all dependency groups |
+| `uv sync --group dev` | Install specific group |
+| `uv sync --frozen` | Install from lock file exactly |
+
+### Running Code
+
+| Command | Description |
+|---------|-------------|
+| `uv run <cmd>` | Run command in project venv |
+| `uv run python script.py` | Run Python script |
+| `uv run pytest` | Run pytest |
+| `uv run --with pkg cmd` | Run with temporary dependency |
+
+### Building & Publishing
+
+| Command | Description |
+|---------|-------------|
+| `uv build` | Build wheel and sdist |
+| `uv build --wheel` | Build wheel only |
+| `uv build --sdist` | Build sdist only |
+| `uv publish` | Publish to PyPI |
+| `uv publish --token $TOKEN` | Publish with API token |
+
+## Tool Commands
+
+Run Python tools without installing globally:
+
+```bash
+# Run any tool
+uv tool run ruff check .
+uvx ruff check .  # shorthand
+
+# Install tool globally
+uv tool install ruff
+
+# List installed tools
+uv tool list
+
+# Upgrade tool
+uv tool upgrade ruff
+```
+
+## Python Version Management
+
+```bash
+# Install Python version
+uv python install 3.12
+
+# List available versions
+uv python list
+
+# Pin project to Python version
+uv python pin 3.12
+
+# Use specific version
+uv run --python 3.11 pytest
+```
+
+## Script Commands (PEP 723)
+
+```bash
+# Create script with inline metadata
+uv init --script myscript.py
+
+# Add dependency to script
+uv add --script myscript.py requests
+
+# Run script (auto-installs deps)
+uv run myscript.py
+```
+
+## Common Workflows
+
+### New Application Project
+
+```bash
+uv init myapp
+cd myapp
+uv add fastapi uvicorn
+uv add --group dev ruff pytest
+uv sync --all-groups
+uv run uvicorn myapp:app
+```
+
+### New Library Package
+
+```bash
+uv init --package mylib
+cd mylib
+uv add --group dev ruff pytest pytest-cov
+uv add --group docs sphinx
+uv sync --all-groups
+uv run pytest
+uv build
+```
+
+### Add Tool to Existing Project
+
+```bash
+cd existing-project
+uv add --group dev ruff
+uv run ruff check .
+```
+
+### One-off Script Execution
+
+```bash
+# Run script with dependencies (no project needed)
+uv run --with requests --with rich script.py
+
+# Or use PEP 723 inline metadata
+uv run script_with_metadata.py
+```
+
+## Environment Variables
+
+| Variable | Description |
+|----------|-------------|
+| `UV_CACHE_DIR` | Cache directory location |
+| `UV_NO_CACHE` | Disable caching |
+| `UV_PYTHON` | Default Python version |
+| `UV_PROJECT` | Project directory path |
+| `UV_PROJECT_ENVIRONMENT` | Custom venv directory (e.g., `.venv-dev`) |
+| `UV_SYSTEM_PYTHON` | Use system Python |
+
+## Container/Host Development
+
+When developing on a host machine while also running in containers, you can use separate venvs to avoid rebuilding on each context switch:
+
+```bash
+# On host machine (add to shell profile or .envrc)
+export UV_PROJECT_ENVIRONMENT=.venv-dev
+
+# Now host uses .venv-dev, containers use default .venv
+uv sync  # creates .venv-dev on host
+```
+
+Add both to `.gitignore`:
+```
+.venv/
+.venv-dev/
+```
+
+This avoids rebuilding the venv when switching between host and container (different OS, Python versions, or native dependencies).
+
+## Performance Tips
+
+- uv caches aggressively; first install may be slower
+- Use `uv sync --frozen` in CI for reproducible builds
+- Use `uv cache clean` if cache grows too large

package/skills/security-modern-python/skills/modern-python/templates/dependabot.yml

@@ -0,0 +1,36 @@
+# Dependabot configuration for Python projects
+# Copy to .github/dependabot.yml
+#
+# See references/dependabot.md for advanced configuration.
+
+version: 2
+updates:
+  # Python dependencies (pyproject.toml, requirements.txt)
+  - package-ecosystem: pip
+    directory: /
+    schedule:
+      interval: weekly
+    # 7-day cooldown: don't update packages published < 7 days ago
+    # Mitigates supply chain attacks via malicious updates
+    cooldown:
+      default-days: 7
+    # Group minor/patch updates to reduce PR noise
+    groups:
+      dev-dependencies:
+        dependency-type: development
+        update-types: [minor, patch]
+      production-dependencies:
+        dependency-type: production
+        update-types: [patch]
+
+  # GitHub Actions
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+    cooldown:
+      default-days: 7
+    groups:
+      actions:
+        patterns: ["*"]
+        update-types: [minor, patch]

package/skills/security-modern-python/skills/modern-python/templates/pre-commit-config.yaml

@@ -0,0 +1,66 @@
+# Pre-commit configuration for Python projects
+# Copy to your repo root as .pre-commit-config.yaml
+#
+# IMPORTANT: Replace all <latest> placeholders with actual versions.
+# Check each linked releases page for current stable versions.
+#
+# Usage:
+#   prek install        # Install git hooks
+#   prek run --all-files  # Run on all files
+#
+# See references/prek.md for more commands.
+
+default_language_version:
+  python: python3.12
+
+repos:
+  # === Code Quality ===
+
+  # Ruff - linting and formatting (replaces black, isort, flake8, pylint)
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: <latest>  # https://github.com/astral-sh/ruff-pre-commit/releases
+    hooks:
+      - id: ruff
+        args: [--fix]
+      - id: ruff-format
+
+  # === General File Checks ===
+  # prek builtin hooks - faster, no external deps
+  - repo: builtin
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: check-yaml
+      - id: check-toml
+      - id: check-merge-conflict
+
+  # === Security Hooks ===
+  # See references/security-setup.md for detailed guidance on each hook.
+
+  # Shell script linting - catches unquoted vars, undefined vars, deprecated syntax
+  - repo: https://github.com/koalaman/shellcheck-precommit
+    rev: <latest>  # https://github.com/koalaman/shellcheck-precommit/tags
+    hooks:
+      - id: shellcheck
+        args: [--severity=error]
+
+  # Secret detection - prevents committing API keys, passwords, tokens
+  # Run `detect-secrets scan > .secrets.baseline` before first commit
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: <latest>  # https://github.com/Yelp/detect-secrets/releases
+    hooks:
+      - id: detect-secrets
+        args: [--baseline, .secrets.baseline]
+
+  # GitHub Actions linting - catches syntax errors, invalid refs
+  - repo: https://github.com/rhysd/actionlint
+    rev: <latest>  # https://github.com/rhysd/actionlint/releases
+    hooks:
+      - id: actionlint
+
+  # GitHub Actions security audit - excessive permissions, injection risks
+  - repo: https://github.com/zizmorcore/zizmor-pre-commit
+    rev: <latest>  # https://github.com/zizmorcore/zizmor-pre-commit/releases
+    hooks:
+      - id: zizmor
+        args: [--persona=regular, --min-severity=medium, --min-confidence=medium]

package/skills/security-property-based-testing/.claude-plugin/plugin.json

@@ -0,0 +1,9 @@
+{
+  "name": "property-based-testing",
+  "version": "1.0.0",
+  "description": "Property-based testing guidance for multiple languages and smart contracts",
+  "author": {
+    "name": "Henrik Brodin",
+    "url": "https://github.com/trailofbits"
+  }
+}

package/skills/security-property-based-testing/README.md

@@ -0,0 +1,47 @@
+# Property-Based Testing
+
+Property-based testing guidance for multiple languages and smart contracts.
+
+## Installation
+
+This plugin is part of the Trail of Bits Skills marketplace.
+
+### Via Marketplace (Recommended)
+
+```
+/plugin marketplace add trailofbits/skills
+/plugin menu
+```
+
+Then select the `property-based-testing` plugin to install.
+
+### Manual Installation
+
+```
+/plugin install trailofbits/skills/plugins/property-based-testing
+```
+
+## What's Included
+
+This plugin provides a skill that helps Claude Code proactively suggest and write property-based tests when it detects suitable patterns in your code:
+
+- **Serialization pairs**: encode/decode, serialize/deserialize, toJSON/fromJSON
+- **Parsers**: URL parsing, config parsing, protocol parsing
+- **Normalization**: normalize, sanitize, clean, canonicalize
+- **Validators**: is_valid, validate, check_*
+- **Data structures**: Custom collections with add/remove/get operations
+- **Mathematical/algorithmic**: Pure functions, sorting, ordering
+- **Smart contracts**: Solidity/Vyper contracts, token operations, state invariants
+
+## Supported Languages
+
+- Python (Hypothesis)
+- JavaScript/TypeScript (fast-check)
+- Rust (proptest, quickcheck)
+- Go (rapid, gopter)
+- Java (jqwik)
+- Scala (ScalaCheck)
+- Solidity/Vyper (Echidna, Medusa)
+- And many more...
+
+See `skills/property-based-testing/references/libraries.md` for the complete list.