@elizaos/skills 2.0.0-alpha.3
- package/README.md +126 -0
- package/package.json +53 -0
- package/skills/1password/SKILL.md +70 -0
- package/skills/1password/references/cli-examples.md +29 -0
- package/skills/1password/references/get-started.md +17 -0
- package/skills/apple-notes/SKILL.md +77 -0
- package/skills/apple-reminders/SKILL.md +96 -0
- package/skills/bear-notes/SKILL.md +107 -0
- package/skills/bird/SKILL.md +224 -0
- package/skills/blogwatcher/SKILL.md +69 -0
- package/skills/blucli/SKILL.md +47 -0
- package/skills/bluebubbles/SKILL.md +131 -0
- package/skills/camsnap/SKILL.md +45 -0
- package/skills/canvas/SKILL.md +203 -0
- package/skills/clawhub/SKILL.md +77 -0
- package/skills/coding-agent/SKILL.md +284 -0
- package/skills/discord/SKILL.md +578 -0
- package/skills/eightctl/SKILL.md +50 -0
- package/skills/food-order/SKILL.md +48 -0
- package/skills/gemini/SKILL.md +43 -0
- package/skills/gifgrep/SKILL.md +79 -0
- package/skills/github/SKILL.md +77 -0
- package/skills/gog/SKILL.md +116 -0
- package/skills/goplaces/SKILL.md +52 -0
- package/skills/healthcheck/SKILL.md +245 -0
- package/skills/himalaya/SKILL.md +257 -0
- package/skills/himalaya/references/configuration.md +184 -0
- package/skills/himalaya/references/message-composition.md +199 -0
- package/skills/imsg/SKILL.md +74 -0
- package/skills/local-places/SERVER_README.md +101 -0
- package/skills/local-places/SKILL.md +102 -0
- package/skills/local-places/pyproject.toml +21 -0
- package/skills/local-places/src/local_places/__init__.py +2 -0
- package/skills/local-places/src/local_places/google_places.py +314 -0
- package/skills/local-places/src/local_places/main.py +65 -0
- package/skills/local-places/src/local_places/schemas.py +107 -0
- package/skills/mcporter/SKILL.md +61 -0
- package/skills/model-usage/SKILL.md +69 -0
- package/skills/model-usage/references/codexbar-cli.md +33 -0
- package/skills/model-usage/scripts/model_usage.py +310 -0
- package/skills/nano-banana-pro/SKILL.md +58 -0
- package/skills/nano-banana-pro/scripts/generate_image.py +184 -0
- package/skills/nano-pdf/SKILL.md +38 -0
- package/skills/notion/SKILL.md +172 -0
- package/skills/obsidian/SKILL.md +81 -0
- package/skills/openai-image-gen/SKILL.md +89 -0
- package/skills/openai-image-gen/scripts/gen.py +240 -0
- package/skills/openai-whisper/SKILL.md +38 -0
- package/skills/openai-whisper-api/SKILL.md +52 -0
- package/skills/openai-whisper-api/scripts/transcribe.sh +85 -0
- package/skills/openhue/SKILL.md +51 -0
- package/skills/oracle/SKILL.md +125 -0
- package/skills/ordercli/SKILL.md +78 -0
- package/skills/peekaboo/SKILL.md +190 -0
- package/skills/sag/SKILL.md +87 -0
- package/skills/security-ask-questions-if-underspecified/.claude-plugin/plugin.json +10 -0
- package/skills/security-ask-questions-if-underspecified/README.md +24 -0
- package/skills/security-ask-questions-if-underspecified/skills/ask-questions-if-underspecified/SKILL.md +85 -0
- package/skills/security-audit-context-building/.claude-plugin/plugin.json +10 -0
- package/skills/security-audit-context-building/README.md +58 -0
- package/skills/security-audit-context-building/commands/audit-context.md +21 -0
- package/skills/security-audit-context-building/skills/audit-context-building/SKILL.md +297 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/COMPLETENESS_CHECKLIST.md +47 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/FUNCTION_MICRO_ANALYSIS_EXAMPLE.md +355 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/OUTPUT_REQUIREMENTS.md +71 -0
- package/skills/security-building-secure-contracts/.claude-plugin/plugin.json +10 -0
- package/skills/security-building-secure-contracts/README.md +241 -0
- package/skills/security-building-secure-contracts/skills/algorand-vulnerability-scanner/SKILL.md +284 -0
- package/skills/security-building-secure-contracts/skills/algorand-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +405 -0
- package/skills/security-building-secure-contracts/skills/audit-prep-assistant/SKILL.md +409 -0
- package/skills/security-building-secure-contracts/skills/cairo-vulnerability-scanner/SKILL.md +329 -0
- package/skills/security-building-secure-contracts/skills/cairo-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +722 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/SKILL.md +218 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/ASSESSMENT_CRITERIA.md +355 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/EXAMPLE_REPORT.md +248 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/REPORT_FORMAT.md +33 -0
- package/skills/security-building-secure-contracts/skills/cosmos-vulnerability-scanner/SKILL.md +334 -0
- package/skills/security-building-secure-contracts/skills/cosmos-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +740 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/SKILL.md +252 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/ASSESSMENT_AREAS.md +329 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/DELIVERABLES.md +118 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/EXAMPLE_REPORT.md +298 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/SKILL.md +161 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/resources/EXAMPLE_REPORT.md +279 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/resources/WORKFLOW_STEPS.md +132 -0
- package/skills/security-building-secure-contracts/skills/solana-vulnerability-scanner/SKILL.md +389 -0
- package/skills/security-building-secure-contracts/skills/solana-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +669 -0
- package/skills/security-building-secure-contracts/skills/substrate-vulnerability-scanner/SKILL.md +298 -0
- package/skills/security-building-secure-contracts/skills/substrate-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +791 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/SKILL.md +362 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/resources/ASSESSMENT_CATEGORIES.md +571 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/resources/REPORT_TEMPLATES.md +141 -0
- package/skills/security-building-secure-contracts/skills/ton-vulnerability-scanner/SKILL.md +388 -0
- package/skills/security-building-secure-contracts/skills/ton-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +595 -0
- package/skills/security-burpsuite-project-parser/.claude-plugin/plugin.json +10 -0
- package/skills/security-burpsuite-project-parser/README.md +103 -0
- package/skills/security-burpsuite-project-parser/commands/burp-search.md +18 -0
- package/skills/security-burpsuite-project-parser/skills/SKILL.md +358 -0
- package/skills/security-burpsuite-project-parser/skills/scripts/burp-search.sh +99 -0
- package/skills/security-claude-in-chrome-troubleshooting/.claude-plugin/plugin.json +8 -0
- package/skills/security-claude-in-chrome-troubleshooting/README.md +31 -0
- package/skills/security-claude-in-chrome-troubleshooting/skills/claude-in-chrome-troubleshooting/SKILL.md +251 -0
- package/skills/security-constant-time-analysis/.claude-plugin/plugin.json +9 -0
- package/skills/security-constant-time-analysis/README.md +381 -0
- package/skills/security-constant-time-analysis/commands/ct-check.md +20 -0
- package/skills/security-constant-time-analysis/ct_analyzer/__init__.py +49 -0
- package/skills/security-constant-time-analysis/ct_analyzer/analyzer.py +1284 -0
- package/skills/security-constant-time-analysis/ct_analyzer/script_analyzers.py +3081 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/__init__.py +1 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_analyzer.py +1397 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/bn_excerpt.js +205 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_constant_time.c +181 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.c +74 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.go +78 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.rs +92 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.cs +174 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.java +161 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.kt +181 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.php +140 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.py +252 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.rb +188 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.swift +199 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.ts +154 -0
- package/skills/security-constant-time-analysis/pyproject.toml +52 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/README.md +90 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/SKILL.md +219 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/compiled.md +129 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/javascript.md +136 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/kotlin.md +252 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/php.md +172 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/python.md +179 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/ruby.md +198 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/swift.md +288 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/vm-compiled.md +354 -0
- package/skills/security-constant-time-analysis/uv.lock +8 -0
- package/skills/security-culture-index/.claude-plugin/plugin.json +8 -0
- package/skills/security-culture-index/README.md +79 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/SKILL.md +293 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/anti-patterns.md +255 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/conversation-starters.md +408 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/interview-trait-signals.md +253 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/motivators.md +158 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/patterns-archetypes.md +147 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/primary-traits.md +307 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/secondary-traits.md +228 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/team-composition.md +148 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/check_deps.py +108 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/__init__.py +20 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/constants.py +122 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/extract.py +187 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/models.py +16 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/opencv_extractor.py +520 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/extract_pdf.py +237 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/pyproject.toml +18 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/burnout-report.md +113 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/comparison-report.md +103 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/hiring-profile.md +127 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/individual-report.md +85 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/predicted-profile.md +165 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/team-report.md +109 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/analyze-team.md +188 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/coach-manager.md +267 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/compare-profiles.md +188 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/define-hiring-profile.md +220 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/detect-burnout.md +206 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/extract-from-pdf.md +121 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/interpret-individual.md +183 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/interview-debrief.md +234 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/mediate-conflict.md +306 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/plan-onboarding.md +322 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/predict-from-interview.md +250 -0
- package/skills/security-differential-review/.claude-plugin/plugin.json +10 -0
- package/skills/security-differential-review/README.md +109 -0
- package/skills/security-differential-review/commands/diff-review.md +21 -0
- package/skills/security-differential-review/skills/differential-review/SKILL.md +220 -0
- package/skills/security-differential-review/skills/differential-review/adversarial.md +203 -0
- package/skills/security-differential-review/skills/differential-review/methodology.md +234 -0
- package/skills/security-differential-review/skills/differential-review/patterns.md +300 -0
- package/skills/security-differential-review/skills/differential-review/reporting.md +369 -0
- package/skills/security-dwarf-expert/.claude-plugin/plugin.json +10 -0
- package/skills/security-dwarf-expert/README.md +38 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/SKILL.md +93 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/coding.md +31 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/dwarfdump.md +50 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/readelf.md +8 -0
- package/skills/security-entry-point-analyzer/.claude-plugin/plugin.json +10 -0
- package/skills/security-entry-point-analyzer/README.md +74 -0
- package/skills/security-entry-point-analyzer/commands/entry-points.md +18 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/SKILL.md +251 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/cosmwasm.md +182 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/move-aptos.md +107 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/move-sui.md +87 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solana.md +155 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solidity.md +135 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/ton.md +185 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/vyper.md +141 -0
- package/skills/security-firebase-apk-scanner/.claude-plugin/plugin.json +10 -0
- package/skills/security-firebase-apk-scanner/README.md +85 -0
- package/skills/security-firebase-apk-scanner/commands/scan-apk.md +18 -0
- package/skills/security-firebase-apk-scanner/scanner.sh +1408 -0
- package/skills/security-firebase-apk-scanner/skills/firebase-apk-scanner/SKILL.md +197 -0
- package/skills/security-firebase-apk-scanner/skills/firebase-apk-scanner/references/vulnerabilities.md +803 -0
- package/skills/security-fix-review/.claude-plugin/plugin.json +13 -0
- package/skills/security-fix-review/README.md +118 -0
- package/skills/security-fix-review/commands/fix-review.md +24 -0
- package/skills/security-fix-review/skills/fix-review/SKILL.md +264 -0
- package/skills/security-fix-review/skills/fix-review/references/bug-detection.md +408 -0
- package/skills/security-fix-review/skills/fix-review/references/finding-matching.md +298 -0
- package/skills/security-fix-review/skills/fix-review/references/report-parsing.md +398 -0
- package/skills/security-insecure-defaults/.claude-plugin/plugin.json +10 -0
- package/skills/security-insecure-defaults/README.md +45 -0
- package/skills/security-insecure-defaults/skills/insecure-defaults/SKILL.md +117 -0
- package/skills/security-insecure-defaults/skills/insecure-defaults/references/examples.md +409 -0
- package/skills/security-modern-python/.claude-plugin/plugin.json +10 -0
- package/skills/security-modern-python/README.md +58 -0
- package/skills/security-modern-python/hooks/hooks.json +16 -0
- package/skills/security-modern-python/hooks/intercept-legacy-python.bats +388 -0
- package/skills/security-modern-python/hooks/intercept-legacy-python.sh +109 -0
- package/skills/security-modern-python/hooks/test_helper.bash +75 -0
- package/skills/security-modern-python/skills/modern-python/SKILL.md +333 -0
- package/skills/security-modern-python/skills/modern-python/references/dependabot.md +43 -0
- package/skills/security-modern-python/skills/modern-python/references/migration-checklist.md +141 -0
- package/skills/security-modern-python/skills/modern-python/references/pep723-scripts.md +259 -0
- package/skills/security-modern-python/skills/modern-python/references/prek.md +211 -0
- package/skills/security-modern-python/skills/modern-python/references/pyproject.md +254 -0
- package/skills/security-modern-python/skills/modern-python/references/ruff-config.md +240 -0
- package/skills/security-modern-python/skills/modern-python/references/security-setup.md +255 -0
- package/skills/security-modern-python/skills/modern-python/references/testing.md +284 -0
- package/skills/security-modern-python/skills/modern-python/references/uv-commands.md +200 -0
- package/skills/security-modern-python/skills/modern-python/templates/dependabot.yml +36 -0
- package/skills/security-modern-python/skills/modern-python/templates/pre-commit-config.yaml +66 -0
- package/skills/security-property-based-testing/.claude-plugin/plugin.json +9 -0
- package/skills/security-property-based-testing/README.md +47 -0
- package/skills/security-property-based-testing/skills/property-based-testing/README.md +88 -0
- package/skills/security-property-based-testing/skills/property-based-testing/SKILL.md +109 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/design.md +191 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/generating.md +200 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/libraries.md +130 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/refactoring.md +181 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/reviewing.md +209 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/strategies.md +124 -0
- package/skills/semgrep-rule-creator/.claude-plugin/plugin.json +8 -0
- package/skills/semgrep-rule-creator/README.md +43 -0
- package/skills/semgrep-rule-creator/commands/semgrep-rule.md +26 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/SKILL.md +168 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/references/quick-reference.md +203 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/references/workflow.md +240 -0
- package/skills/semgrep-rule-variant-creator/.claude-plugin/plugin.json +9 -0
- package/skills/semgrep-rule-variant-creator/README.md +86 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/SKILL.md +205 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/applicability-analysis.md +250 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/language-syntax-guide.md +324 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/workflow.md +518 -0
- package/skills/session-logs/SKILL.md +115 -0
- package/skills/sharp-edges/.claude-plugin/plugin.json +10 -0
- package/skills/sharp-edges/README.md +48 -0
- package/skills/sharp-edges/skills/sharp-edges/SKILL.md +292 -0
- package/skills/sharp-edges/skills/sharp-edges/references/auth-patterns.md +252 -0
- package/skills/sharp-edges/skills/sharp-edges/references/case-studies.md +274 -0
- package/skills/sharp-edges/skills/sharp-edges/references/config-patterns.md +333 -0
- package/skills/sharp-edges/skills/sharp-edges/references/crypto-apis.md +190 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-c.md +205 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-csharp.md +285 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-go.md +270 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-java.md +263 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-javascript.md +269 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-kotlin.md +265 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-php.md +245 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-python.md +274 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-ruby.md +273 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-rust.md +272 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-swift.md +287 -0
- package/skills/sharp-edges/skills/sharp-edges/references/language-specific.md +588 -0
- package/skills/sherpa-onnx-tts/SKILL.md +103 -0
- package/skills/sherpa-onnx-tts/bin/sherpa-onnx-tts +178 -0
- package/skills/skill-creator/SKILL.md +370 -0
- package/skills/skill-creator/license.txt +202 -0
- package/skills/skill-creator/scripts/init_skill.py +378 -0
- package/skills/skill-creator/scripts/package_skill.py +111 -0
- package/skills/skill-creator/scripts/quick_validate.py +101 -0
- package/skills/slack/SKILL.md +144 -0
- package/skills/songsee/SKILL.md +49 -0
- package/skills/sonoscli/SKILL.md +46 -0
- package/skills/spec-to-code-compliance/.claude-plugin/plugin.json +10 -0
- package/skills/spec-to-code-compliance/README.md +67 -0
- package/skills/spec-to-code-compliance/commands/spec-compliance.md +22 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/SKILL.md +349 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/COMPLETENESS_CHECKLIST.md +69 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/IR_EXAMPLES.md +417 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/OUTPUT_REQUIREMENTS.md +105 -0
- package/skills/spotify-player/SKILL.md +64 -0
- package/skills/static-analysis/.claude-plugin/plugin.json +8 -0
- package/skills/static-analysis/README.md +59 -0
- package/skills/static-analysis/skills/codeql/SKILL.md +315 -0
- package/skills/static-analysis/skills/sarif-parsing/SKILL.md +479 -0
- package/skills/static-analysis/skills/sarif-parsing/resources/jq-queries.md +162 -0
- package/skills/static-analysis/skills/sarif-parsing/resources/sarif_helpers.py +331 -0
- package/skills/static-analysis/skills/semgrep/SKILL.md +337 -0
- package/skills/summarize/SKILL.md +87 -0
- package/skills/testing-handbook-skills/.claude-plugin/plugin.json +8 -0
- package/skills/testing-handbook-skills/README.md +241 -0
- package/skills/testing-handbook-skills/scripts/pyproject.toml +8 -0
- package/skills/testing-handbook-skills/scripts/validate-skills.py +657 -0
- package/skills/testing-handbook-skills/skills/address-sanitizer/SKILL.md +341 -0
- package/skills/testing-handbook-skills/skills/aflpp/SKILL.md +640 -0
- package/skills/testing-handbook-skills/skills/atheris/SKILL.md +515 -0
- package/skills/testing-handbook-skills/skills/cargo-fuzz/SKILL.md +454 -0
- package/skills/testing-handbook-skills/skills/codeql/SKILL.md +549 -0
- package/skills/testing-handbook-skills/skills/constant-time-testing/SKILL.md +507 -0
- package/skills/testing-handbook-skills/skills/coverage-analysis/SKILL.md +607 -0
- package/skills/testing-handbook-skills/skills/fuzzing-dictionary/SKILL.md +297 -0
- package/skills/testing-handbook-skills/skills/fuzzing-obstacles/SKILL.md +426 -0
- package/skills/testing-handbook-skills/skills/harness-writing/SKILL.md +614 -0
- package/skills/testing-handbook-skills/skills/libafl/SKILL.md +625 -0
- package/skills/testing-handbook-skills/skills/libfuzzer/SKILL.md +795 -0
- package/skills/testing-handbook-skills/skills/ossfuzz/SKILL.md +426 -0
- package/skills/testing-handbook-skills/skills/ruzzy/SKILL.md +443 -0
- package/skills/testing-handbook-skills/skills/semgrep/SKILL.md +601 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/SKILL.md +372 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/agent-prompt.md +280 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/discovery.md +452 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/domain-skill.md +504 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/fuzzer-skill.md +454 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/technique-skill.md +527 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/tool-skill.md +366 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/testing.md +482 -0
- package/skills/testing-handbook-skills/skills/wycheproof/SKILL.md +533 -0
- package/skills/things-mac/SKILL.md +86 -0
- package/skills/tmux/SKILL.md +135 -0
- package/skills/tmux/scripts/find-sessions.sh +112 -0
- package/skills/tmux/scripts/wait-for-text.sh +83 -0
- package/skills/trello/SKILL.md +95 -0
- package/skills/variant-analysis/.claude-plugin/plugin.json +8 -0
- package/skills/variant-analysis/README.md +41 -0
- package/skills/variant-analysis/commands/variants.md +23 -0
- package/skills/variant-analysis/skills/variant-analysis/METHODOLOGY.md +327 -0
- package/skills/variant-analysis/skills/variant-analysis/SKILL.md +142 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/cpp.ql +119 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/go.ql +69 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/java.ql +71 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/javascript.ql +63 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/python.ql +80 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/cpp.yaml +98 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/go.yaml +63 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/java.yaml +61 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/javascript.yaml +60 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/python.yaml +72 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/variant-report-template.md +75 -0
- package/skills/video-frames/SKILL.md +46 -0
- package/skills/video-frames/scripts/frame.sh +81 -0
- package/skills/voice-call/SKILL.md +45 -0
- package/skills/wacli/SKILL.md +72 -0
- package/skills/weather/SKILL.md +54 -0
- package/skills/yara-authoring/.claude-plugin/plugin.json +9 -0
- package/skills/yara-authoring/README.md +131 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/SKILL.md +645 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_Mac_ProtonRAT_Jan25.yar +99 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_NPM_SupplyChain_Jan25.yar +170 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_Win_Remcos_Jan25.yar +103 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/SUSP_CRX_SuspiciousPermissions.yar +134 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/SUSP_JS_Obfuscation_Jan25.yar +185 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/crx-module.md +214 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/dex-module.md +383 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/performance.md +333 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/strings.md +433 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/style-guide.md +257 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/testing.md +399 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/atom_analyzer.py +526 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/pyproject.toml +25 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/yara_lint.py +631 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/workflows/rule-development.md +493 -0
package/skills/security-property-based-testing/skills/property-based-testing/references/libraries.md
ADDED
|
@@ -0,0 +1,130 @@
|
|
|
1
|
+
# PBT Libraries by Language
|
|
2
|
+
|
|
3
|
+
## Quick Reference
|
|
4
|
+
|
|
5
|
+
| Language | Library | Import/Setup |
|
|
6
|
+
|----------|---------|--------------|
|
|
7
|
+
| Python | Hypothesis | `from hypothesis import given, strategies as st` |
|
|
8
|
+
| JavaScript/TypeScript | fast-check | `import fc from 'fast-check'` |
|
|
9
|
+
| Rust | proptest | `use proptest::prelude::*` |
|
|
10
|
+
| Go | rapid | `import "pgregory.net/rapid"` |
|
|
11
|
+
| Java | jqwik | `@Property` annotations, `import net.jqwik.api.*` |
|
|
12
|
+
| Scala | ScalaCheck | `import org.scalacheck._` |
|
|
13
|
+
| C# | FsCheck | `using FsCheck; using FsCheck.Xunit;` |
|
|
14
|
+
| Elixir | StreamData | `use ExUnitProperties` |
|
|
15
|
+
| Haskell | QuickCheck | `import Test.QuickCheck` |
|
|
16
|
+
| Clojure | test.check | `[clojure.test.check :as tc]` |
|
|
17
|
+
| Ruby | PropCheck | `require 'prop_check'` |
|
|
18
|
+
| Kotlin | Kotest | `io.kotest.property.*` |
|
|
19
|
+
| Swift | SwiftCheck | `import SwiftCheck` ⚠️ unmaintained |
|
|
20
|
+
| C++ | RapidCheck | `#include <rapidcheck.h>` |
|
|
21
|
+
|
|
22
|
+
### Alternatives
|
|
23
|
+
|
|
24
|
+
| Language | Alternative | Notes |
|
|
25
|
+
|----------|-------------|-------|
|
|
26
|
+
| Haskell | Hedgehog | Integrated shrinking, no type classes |
|
|
27
|
+
| Rust | quickcheck | Simpler API, per-type shrinking |
|
|
28
|
+
| Go | gopter | ScalaCheck-style, more explicit |
|
|
29
|
+
|
|
30
|
+
## Smart Contract Testing (EVM/Solidity)
|
|
31
|
+
|
|
32
|
+
| Tool | Type | Description |
|
|
33
|
+
|------|------|-------------|
|
|
34
|
+
| Echidna | Fuzzer | Property-based fuzzer for EVM contracts |
|
|
35
|
+
| Medusa | Fuzzer | Next-gen fuzzer with parallel execution |
|
|
36
|
+
|
|
37
|
+
```solidity
|
|
38
|
+
// Echidna property example
|
|
39
|
+
function echidna_balance_invariant() public returns (bool) {
|
|
40
|
+
return address(this).balance >= 0;
|
|
41
|
+
}
|
|
42
|
+
```
|
|
43
|
+
|
|
44
|
+
**Installation**:
|
|
45
|
+
```bash
|
|
46
|
+
# Echidna (via crytic toolchain)
|
|
47
|
+
pip install crytic-compile
|
|
48
|
+
# Download binary from https://github.com/crytic/echidna
|
|
49
|
+
|
|
50
|
+
# Medusa
|
|
51
|
+
go install github.com/crytic/medusa@latest
|
|
52
|
+
```
|
|
53
|
+
|
|
54
|
+
See [secure-contracts.com](https://secure-contracts.com) for tutorials.
|
|
55
|
+
|
|
56
|
+
## Installation
|
|
57
|
+
|
|
58
|
+
**Python**:
|
|
59
|
+
```bash
|
|
60
|
+
pip install hypothesis
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
**JavaScript/TypeScript**:
|
|
64
|
+
```bash
|
|
65
|
+
npm install fast-check
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
**Rust** (add to Cargo.toml):
|
|
69
|
+
```toml
|
|
70
|
+
[dev-dependencies]
|
|
71
|
+
proptest = "1.0"
|
|
72
|
+
# or for quickcheck:
|
|
73
|
+
quickcheck = "1.0"
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
**Go**:
|
|
77
|
+
```bash
|
|
78
|
+
go get pgregory.net/rapid
|
|
79
|
+
# or for gopter:
|
|
80
|
+
go get github.com/leanovate/gopter
|
|
81
|
+
```
|
|
82
|
+
|
|
83
|
+
**Java** (Maven):
|
|
84
|
+
```xml
|
|
85
|
+
<dependency>
|
|
86
|
+
<groupId>net.jqwik</groupId>
|
|
87
|
+
<artifactId>jqwik</artifactId>
|
|
88
|
+
<version>1.9.3</version>
|
|
89
|
+
<scope>test</scope>
|
|
90
|
+
</dependency>
|
|
91
|
+
```
|
|
92
|
+
|
|
93
|
+
**Clojure** (deps.edn):
|
|
94
|
+
```clojure
|
|
95
|
+
{:deps {org.clojure/test.check {:mvn/version "1.1.2"}}}
|
|
96
|
+
```
|
|
97
|
+
|
|
98
|
+
**Haskell**:
|
|
99
|
+
```bash
|
|
100
|
+
cabal install QuickCheck
|
|
101
|
+
# or for Hedgehog:
|
|
102
|
+
cabal install hedgehog
|
|
103
|
+
```
|
|
104
|
+
|
|
105
|
+
## Detecting Existing Usage
|
|
106
|
+
|
|
107
|
+
Search for PBT library imports in the codebase:
|
|
108
|
+
|
|
109
|
+
```bash
|
|
110
|
+
# Python
|
|
111
|
+
rg "from hypothesis import" --type py
|
|
112
|
+
|
|
113
|
+
# JavaScript/TypeScript
|
|
114
|
+
rg "from 'fast-check'" --type js --type ts
|
|
115
|
+
|
|
116
|
+
# Rust
|
|
117
|
+
rg "use proptest" --type rust
|
|
118
|
+
|
|
119
|
+
# Go
|
|
120
|
+
rg "pgregory.net/rapid" --type go
|
|
121
|
+
|
|
122
|
+
# Java
|
|
123
|
+
rg "@Property" --type java
|
|
124
|
+
|
|
125
|
+
# Clojure
|
|
126
|
+
rg "test.check" --type clojure
|
|
127
|
+
|
|
128
|
+
# Solidity (Echidna)
|
|
129
|
+
rg "echidna_" --glob "*.sol"
|
|
130
|
+
```
|
|
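Review bot: The Echidna property at new-file line 40, `return address(this).balance >= 0;`, can never fail because `balance` is an unsigned integer, so the one worked example in this reference is the tautological kind of property that reviewing.md in this same diff rates CRITICAL. Replace it with an invariant that relates contract state to the balance, for example that an internally tracked deposit total never exceeds `address(this).balance`. Separately, the comment at line 46 reads as if `pip install crytic-compile` installs Echidna, while line 48 says the binary is downloaded by hand, and line 51 installs Medusa with `@latest`; say plainly which step installs what and point both tools at a pinned release so the fuzzer version is reproducible. The Detection commands are also narrower than the Quick Reference table: `rg "from 'fast-check'"` at line 114 misses double-quoted imports, and `rg "test.check"` at line 126 leaves the dot unescaped.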
@@ -0,0 +1,181 @@
|
|
|
1
|
+
# Refactoring for Property-Based Testing
|
|
2
|
+
|
|
3
|
+
Identify code that could be refactored to enable or improve property-based testing.
|
|
4
|
+
|
|
5
|
+
## Quick Reference
|
|
6
|
+
|
|
7
|
+
| Pattern | Problem | Solution | Properties Enabled |
|
|
8
|
+
|---------|---------|----------|-------------------|
|
|
9
|
+
| I/O mixed with logic | Can't test without mocks | Extract pure core | Multiple |
|
|
10
|
+
| Encode without decode | No roundtrip possible | Add inverse operation | Roundtrip |
|
|
11
|
+
| Hardcoded config | Can't test edge cases | Inject dependencies | Full coverage |
|
|
12
|
+
| In-place mutation | Hard to verify before/after | Return new value | Comparison properties |
|
|
13
|
+
| String building | Can't verify structure | Structured + render | Roundtrip |
|
|
14
|
+
| Implicit invariants | Can't test constraints | Make explicit with validation | Invariant |
|
|
15
|
+
|
|
16
|
+
## Refactoring Patterns
|
|
17
|
+
|
|
18
|
+
### 1. Extract Pure Core from Impure Functions (High Impact)
|
|
19
|
+
|
|
20
|
+
**Pattern**: Functions that mix I/O with logic
|
|
21
|
+
|
|
22
|
+
```python
|
|
23
|
+
# BEFORE - hard to test
|
|
24
|
+
def process_order(order_id: str) -> None:
|
|
25
|
+
order = db.fetch(order_id) # I/O
|
|
26
|
+
discount = calculate_discount(order) # Pure logic
|
|
27
|
+
total = apply_discount(order, discount) # Pure logic
|
|
28
|
+
db.save(order_id, total) # I/O
|
|
29
|
+
|
|
30
|
+
# AFTER - pure core extracted
|
|
31
|
+
def calculate_order_total(order: Order, rules: DiscountRules) -> Decimal:
|
|
32
|
+
"""Pure function - easy to property test."""
|
|
33
|
+
discount = calculate_discount(order, rules)
|
|
34
|
+
return apply_discount(order, discount)
|
|
35
|
+
|
|
36
|
+
def process_order(order_id: str) -> None:
|
|
37
|
+
"""Thin I/O wrapper."""
|
|
38
|
+
order = db.fetch(order_id)
|
|
39
|
+
total = calculate_order_total(order, get_discount_rules())
|
|
40
|
+
db.save(order_id, total)
|
|
41
|
+
```
|
|
42
|
+
|
|
43
|
+
**Detection**: `rg "def \w+\(" -A 20 | grep -E "(open\(|db\.|requests\.|fetch|save)"`
|
|
44
|
+
|
|
45
|
+
### 2. Add Missing Inverse Operations (High Impact)
|
|
46
|
+
|
|
47
|
+
**Pattern**: One-way operations that should have pairs
|
|
48
|
+
|
|
49
|
+
```python
|
|
50
|
+
# BEFORE - only encode
|
|
51
|
+
def encode_message(msg: dict) -> bytes:
|
|
52
|
+
return msgpack.packb(msg)
|
|
53
|
+
|
|
54
|
+
# AFTER - add decode for roundtrip testing
|
|
55
|
+
def encode_message(msg: dict) -> bytes:
|
|
56
|
+
return msgpack.packb(msg)
|
|
57
|
+
|
|
58
|
+
def decode_message(data: bytes) -> dict:
|
|
59
|
+
return msgpack.unpackb(data)
|
|
60
|
+
```
|
|
61
|
+
|
|
62
|
+
**Detection**: Find encode without decode, serialize without deserialize
|
|
63
|
+
|
|
64
|
+
### 3. Replace Hardcoded Dependencies (Medium Impact)
|
|
65
|
+
|
|
66
|
+
**Pattern**: Functions using globals or hardcoded config
|
|
67
|
+
|
|
68
|
+
```python
|
|
69
|
+
# BEFORE
|
|
70
|
+
def validate_input(data: str) -> bool:
|
|
71
|
+
return len(data) <= CONFIG.max_length
|
|
72
|
+
|
|
73
|
+
# AFTER - dependencies injected
|
|
74
|
+
def validate_input(data: str, max_length: int) -> bool:
|
|
75
|
+
return len(data) <= max_length
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
**Detection**: `rg "(CONFIG\.|SETTINGS\.|os\.environ)"`
|
|
79
|
+
|
|
80
|
+
### 4. Return Values Instead of Mutating (Medium Impact)
|
|
81
|
+
|
|
82
|
+
**Pattern**: Methods that mutate in place
|
|
83
|
+
|
|
84
|
+
```python
|
|
85
|
+
# BEFORE
|
|
86
|
+
def sort_tasks(tasks: list[Task]) -> None:
|
|
87
|
+
tasks.sort(key=lambda t: t.priority)
|
|
88
|
+
|
|
89
|
+
# AFTER - returns new list
|
|
90
|
+
def sorted_tasks(tasks: list[Task]) -> list[Task]:
|
|
91
|
+
return sorted(tasks, key=lambda t: t.priority)
|
|
92
|
+
```
|
|
93
|
+
|
|
94
|
+
**Detection**: `rg "-> None:" -A 10 | grep -E "\.(sort|append|extend)"`
|
|
95
|
+
|
|
96
|
+
### 5. Convert String Building to Structured + Render (Medium Impact)
|
|
97
|
+
|
|
98
|
+
**Pattern**: Manual string concatenation
|
|
99
|
+
|
|
100
|
+
```python
|
|
101
|
+
# BEFORE
|
|
102
|
+
def build_query(table: str, filters: dict) -> str:
|
|
103
|
+
q = f"SELECT * FROM {table}"
|
|
104
|
+
if filters:
|
|
105
|
+
q += " WHERE " + " AND ".join(...)
|
|
106
|
+
return q
|
|
107
|
+
|
|
108
|
+
# AFTER - structured representation
|
|
109
|
+
@dataclass
|
|
110
|
+
class Query:
|
|
111
|
+
table: str
|
|
112
|
+
filters: dict
|
|
113
|
+
|
|
114
|
+
def render_query(q: Query) -> str: ...
|
|
115
|
+
def parse_query(sql: str) -> Query: ... # Add inverse!
|
|
116
|
+
```
|
|
117
|
+
|
|
118
|
+
### 6. Add Validators/Generators for Predicates (Lower Impact)
|
|
119
|
+
|
|
120
|
+
**Pattern**: `is_valid()` exists but no way to generate valid inputs
|
|
121
|
+
|
|
122
|
+
```python
|
|
123
|
+
# BEFORE
|
|
124
|
+
def is_valid_email(s: str) -> bool:
|
|
125
|
+
return EMAIL_REGEX.match(s) is not None
|
|
126
|
+
|
|
127
|
+
# AFTER - add generator
|
|
128
|
+
@st.composite
|
|
129
|
+
def valid_emails(draw):
|
|
130
|
+
local = draw(st.from_regex(r'[a-z][a-z0-9]{1,20}'))
|
|
131
|
+
domain = draw(st.sampled_from(['gmail.com', 'example.com']))
|
|
132
|
+
return f"{local}@{domain}"
|
|
133
|
+
```
|
|
134
|
+
|
|
135
|
+
**Detection**: `rg "def is_\w+\(" --type py`
|
|
136
|
+
|
|
137
|
+
### 7. Make Implicit Invariants Explicit (Lower Impact)
|
|
138
|
+
|
|
139
|
+
**Pattern**: Constraints in comments but not enforced
|
|
140
|
+
|
|
141
|
+
```python
|
|
142
|
+
# BEFORE - constraint only in docstring
|
|
143
|
+
def allocate_buffer(size: int) -> bytes:
|
|
144
|
+
"""Size must be positive and <= 1MB."""
|
|
145
|
+
return bytes(size)
|
|
146
|
+
|
|
147
|
+
# AFTER - enforced
|
|
148
|
+
MAX_BUFFER_SIZE = 1024 * 1024
|
|
149
|
+
|
|
150
|
+
def allocate_buffer(size: int) -> bytes:
|
|
151
|
+
if not (0 < size <= MAX_BUFFER_SIZE):
|
|
152
|
+
raise ValueError(f"size must be in (0, {MAX_BUFFER_SIZE}]")
|
|
153
|
+
return bytes(size)
|
|
154
|
+
```
|
|
155
|
+
|
|
156
|
+
**Detection**: `rg "(must be|should be|always|never)" --type py`
|
|
157
|
+
|
|
158
|
+
## Evaluation Criteria
|
|
159
|
+
|
|
160
|
+
For each refactoring opportunity:
|
|
161
|
+
|
|
162
|
+
| Factor | Questions |
|
|
163
|
+
|--------|-----------|
|
|
164
|
+
| Properties enabled | What tests become possible? Roundtrip > Idempotence > No crash |
|
|
165
|
+
| Effort | Low/Medium/High - how much code change? |
|
|
166
|
+
| Risk | Breaking changes? API impact? |
|
|
167
|
+
| Backwards compatibility | Can old callers still work? |
|
|
168
|
+
|
|
169
|
+
## Prioritization
|
|
170
|
+
|
|
171
|
+
1. Strength of properties enabled (roundtrip > idempotence > no crash)
|
|
172
|
+
2. Effort required (prefer low-effort wins)
|
|
173
|
+
3. Risk level (prefer safe changes)
|
|
174
|
+
|
|
175
|
+
## Red Flags
|
|
176
|
+
|
|
177
|
+
- **Breaking the API without warning**: Flag breaking changes clearly and offer backwards-compatible alternatives
|
|
178
|
+
- **Over-engineering**: Not every function needs to be perfectly testable - prioritize high-value code
|
|
179
|
+
- **Ignoring existing tests**: Run existing tests after refactoring to verify behavior unchanged
|
|
180
|
+
- **Missing the forest for the trees**: If a module needs wholesale restructuring, say so rather than suggesting 20 small changes
|
|
181
|
+
- **Not considering effort vs value**: A complex refactoring enabling only "no crash" isn't worth it
|
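Review bot: The Detection command at new-file line 94, `rg "-> None:" -A 10 | grep -E "\.(sort|append|extend)"`, does not run as written because ripgrep treats a pattern that begins with `-` as a flag; write it as `rg -e "-> None:" -A 10` or put `--` before the pattern. In pattern 6 (line 130), `st.from_regex(r'[a-z][a-z0-9]{1,20}')` generates strings that only contain a match unless `fullmatch=True` is passed, so `valid_emails` can return local parts with arbitrary extra characters, and nothing in the AFTER code ties the generator back to `is_valid_email`; pass `fullmatch=True` and add a property asserting `is_valid_email(email)` for every drawn value. In pattern 5 (lines 108-115) the suggested `render_query`/`parse_query` roundtrip says nothing about how `table` and `filters` values enter the SQL text, which is the real hazard in the BEFORE code at line 103; state that rendering should emit placeholders with a separate parameter list. This hunk also arrives without a file header, so the target path of the new file cannot be checked from the diff.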
package/skills/security-property-based-testing/skills/property-based-testing/references/reviewing.md
ADDED
|
@@ -0,0 +1,209 @@
|
|
|
1
|
+
# Reviewing Property-Based Tests
|
|
2
|
+
|
|
3
|
+
Evaluate quality of existing property-based tests and suggest improvements.
|
|
4
|
+
|
|
5
|
+
## Quick Reference
|
|
6
|
+
|
|
7
|
+
| Issue | Severity | Detection | Fix |
|
|
8
|
+
|-------|----------|-----------|-----|
|
|
9
|
+
| Tautological | CRITICAL | Assertion compares same expression | Rewrite with actual property |
|
|
10
|
+
| Vacuous | CRITICAL | Contradictory `assume()` calls | Remove or fix filters |
|
|
11
|
+
| Weak (no assertion) | HIGH | Test body has no assert | Add meaningful assertion |
|
|
12
|
+
| Reimplementation | HIGH | Assertion mirrors function logic | Use algebraic property instead |
|
|
13
|
+
| Over-filtered | MEDIUM | Many `assume()` calls | Redesign strategy |
|
|
14
|
+
| Missing edge cases | MEDIUM | No `@example` decorators | Add explicit edge cases |
|
|
15
|
+
| Poor settings | LOW | Missing or bad `@settings` | Add appropriate settings |
|
|
16
|
+
|
|
17
|
+
## Quality Issues
|
|
18
|
+
|
|
19
|
+
### Issue: Tautological Properties (CRITICAL)
|
|
20
|
+
|
|
21
|
+
Properties that are always true regardless of implementation.
|
|
22
|
+
|
|
23
|
+
```python
|
|
24
|
+
# BAD - compares function to itself
|
|
25
|
+
@given(st.lists(st.integers()))
|
|
26
|
+
def test_sort_tautology(xs):
|
|
27
|
+
assert sorted(xs) == sorted(xs) # Always true!
|
|
28
|
+
|
|
29
|
+
# BAD - tests nothing about the function
|
|
30
|
+
@given(st.integers())
|
|
31
|
+
def test_useless(x):
|
|
32
|
+
result = compute(x)
|
|
33
|
+
assert result == result # Always true!
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
**Detection**: Assertions comparing same expression, or not using function result meaningfully.
|
|
37
|
+
|
|
38
|
+
### Issue: Vacuous Tests (CRITICAL)
|
|
39
|
+
|
|
40
|
+
Tests where assumptions filter out most/all inputs.
|
|
41
|
+
|
|
42
|
+
```python
|
|
43
|
+
# VACUOUS - impossible condition
|
|
44
|
+
@given(st.integers())
|
|
45
|
+
def test_vacuous(x):
|
|
46
|
+
assume(x > 100)
|
|
47
|
+
assume(x < 50) # Impossible!
|
|
48
|
+
assert compute(x) > 0
|
|
49
|
+
|
|
50
|
+
# VACUOUS - overly restrictive
|
|
51
|
+
@given(st.integers())
|
|
52
|
+
def test_too_filtered(x):
|
|
53
|
+
assume(x == 42) # Only tests one value!
|
|
54
|
+
assert compute(x) == expected
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
**Detection**: Multiple `assume()` calls, `assume` with very narrow conditions.
|
|
58
|
+
|
|
59
|
+
### Issue: Weak Properties (HIGH)
|
|
60
|
+
|
|
61
|
+
Properties that only test minimal guarantees.
|
|
62
|
+
|
|
63
|
+
```python
|
|
64
|
+
# WEAK - only tests no crash
|
|
65
|
+
@given(st.text())
|
|
66
|
+
def test_only_no_crash(s):
|
|
67
|
+
process(s) # No assertion at all
|
|
68
|
+
|
|
69
|
+
# WEAK - only tests type
|
|
70
|
+
@given(st.integers())
|
|
71
|
+
def test_only_type(x):
|
|
72
|
+
assert isinstance(compute(x), int)
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
**Detection**: Tests without assertions, or only `isinstance`/type checks.
|
|
76
|
+
|
|
77
|
+
### Issue: Reimplementing the Function (HIGH)
|
|
78
|
+
|
|
79
|
+
```python
|
|
80
|
+
# BAD - just reimplements the logic
|
|
81
|
+
@given(st.integers(), st.integers())
|
|
82
|
+
def test_reimplements(a, b):
|
|
83
|
+
assert add(a, b) == a + b # Tests nothing if add() is just a + b
|
|
84
|
+
```
|
|
85
|
+
|
|
86
|
+
**Detection**: Test assertion contains same logic as function under test.
|
|
87
|
+
|
|
88
|
+
### Issue: Poor Input Coverage (MEDIUM)
|
|
89
|
+
|
|
90
|
+
```python
|
|
91
|
+
# NARROW - misses edge cases
|
|
92
|
+
@given(st.integers(min_value=1, max_value=10))
|
|
93
|
+
def test_narrow_range(x):
|
|
94
|
+
assert compute(x) >= 0 # What about 0? Negatives? Large values?
|
|
95
|
+
|
|
96
|
+
# MISSING - no edge case examples
|
|
97
|
+
@given(st.lists(st.integers()))
|
|
98
|
+
def test_no_explicit_edges(xs):
|
|
99
|
+
# Should include @example([]) @example([1]) etc.
|
|
100
|
+
assert len(sort(xs)) == len(xs)
|
|
101
|
+
```
|
|
102
|
+
|
|
103
|
+
### Issue: Missing Stronger Properties (MEDIUM)
|
|
104
|
+
|
|
105
|
+
```python
|
|
106
|
+
# EXISTS - but could be stronger
|
|
107
|
+
@given(st.lists(st.integers()))
|
|
108
|
+
def test_sort_length(xs):
|
|
109
|
+
assert len(sort(xs)) == len(xs)
|
|
110
|
+
# MISSING: ordering property, element preservation
|
|
111
|
+
```
|
|
112
|
+
|
|
113
|
+
### Issue: Poor Settings (LOW)
|
|
114
|
+
|
|
115
|
+
```python
|
|
116
|
+
# TOO FEW - may miss bugs
|
|
117
|
+
@settings(max_examples=5)
|
|
118
|
+
def test_few_examples(x): ...
|
|
119
|
+
|
|
120
|
+
# NO DEADLINE - may hang in CI
|
|
121
|
+
@given(expensive_strategy())
|
|
122
|
+
def test_no_deadline(x): ... # Could timeout
|
|
123
|
+
```
|
|
124
|
+
|
|
125
|
+
## Review Process
|
|
126
|
+
|
|
127
|
+
### 1. Locate Property-Based Tests
|
|
128
|
+
|
|
129
|
+
Search using library-specific patterns:
|
|
130
|
+
|
|
131
|
+
**Python/Hypothesis:**
|
|
132
|
+
```bash
|
|
133
|
+
rg "@given\(" --type py
|
|
134
|
+
rg "from hypothesis import" --type py
|
|
135
|
+
```
|
|
136
|
+
|
|
137
|
+
**JavaScript/fast-check:**
|
|
138
|
+
```bash
|
|
139
|
+
rg "fc\.(assert|property)" --type js --type ts
|
|
140
|
+
```
|
|
141
|
+
|
|
142
|
+
**Rust/proptest:**
|
|
143
|
+
```bash
|
|
144
|
+
rg "proptest!" --type rust
|
|
145
|
+
```
|
|
146
|
+
|
|
147
|
+
### 2. Analyze Each Test
|
|
148
|
+
|
|
149
|
+
Check for issues above, starting with critical then high severity.
|
|
150
|
+
|
|
151
|
+
### 3. Evaluate Shrinking Quality
|
|
152
|
+
|
|
153
|
+
Will tests shrink to minimal counterexamples? Complex strategies may produce hard-to-debug failures.
|
|
154
|
+
|
|
155
|
+
### 4. Check for Flakiness Potential
|
|
156
|
+
|
|
157
|
+
- Non-determinism in code under test
|
|
158
|
+
- Time-dependent assertions
|
|
159
|
+
- Global state dependencies
|
|
160
|
+
- Floating point comparisons without tolerance
|
|
161
|
+
|
|
162
|
+
### 5. Suggest Stronger Properties
|
|
163
|
+
|
|
164
|
+
Compare against property catalog - are stronger properties available but not tested?
|
|
165
|
+
|
|
166
|
+
## Test Health Score
|
|
167
|
+
|
|
168
|
+
| Category | Score | What to Check |
|
|
169
|
+
|----------|-------|---------------|
|
|
170
|
+
| Property Strength | X/5 | Roundtrip > Idempotence > Type > No crash |
|
|
171
|
+
| Input Coverage | X/5 | Edge cases, strategy breadth |
|
|
172
|
+
| Assertions | X/5 | Meaningful, not tautological |
|
|
173
|
+
| Settings | X/5 | Appropriate for context |
|
|
174
|
+
|
|
175
|
+
## Mutation Testing Verification
|
|
176
|
+
|
|
177
|
+
Suggest specific mutations to verify tests catch bugs:
|
|
178
|
+
|
|
179
|
+
```
|
|
180
|
+
To verify test_sort catches bugs:
|
|
181
|
+
|
|
182
|
+
1. Return input unchanged: `return xs`
|
|
183
|
+
- Should fail: test_ordering
|
|
184
|
+
|
|
185
|
+
2. Drop last element: `return sorted(xs)[:-1]`
|
|
186
|
+
- Should fail: test_length_preserved
|
|
187
|
+
|
|
188
|
+
3. Reverse order: `return sorted(xs, reverse=True)`
|
|
189
|
+
- Should fail: test_ordering
|
|
190
|
+
```
|
|
191
|
+
|
|
192
|
+
## Quality Checklist
|
|
193
|
+
|
|
194
|
+
For each test, verify:
|
|
195
|
+
- [ ] Not tautological (assertion doesn't compare same expression)
|
|
196
|
+
- [ ] Strong assertion (not just "no crash")
|
|
197
|
+
- [ ] Not vacuous (inputs not over-filtered)
|
|
198
|
+
- [ ] Good coverage (edge cases via `@example`)
|
|
199
|
+
- [ ] No reimplementation of function logic
|
|
200
|
+
- [ ] Appropriate settings for context
|
|
201
|
+
- [ ] Good shrinking potential
|
|
202
|
+
- [ ] Deterministic (no flakiness risk)
|
|
203
|
+
|
|
204
|
+
## Red Flags
|
|
205
|
+
|
|
206
|
+
- **Marking tautologies as "fine"**: `assert x == x` is NEVER a valid test
|
|
207
|
+
- **Accepting "no crash" as sufficient**: Always push for stronger properties
|
|
208
|
+
- **Ignoring vacuous tests**: Tests with contradictory `assume()` provide false confidence
|
|
209
|
+
- **Not checking for reimplementation**: `assert add(a,b) == a + b` tests nothing if that's how `add` is implemented
|
|
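Review bot: The "Poor Settings" block at new-file lines 115-123 does not show what its comments claim: `test_few_examples` (lines 117-118) carries `@settings` but no `@given`, and `test_no_deadline` (lines 121-122) has no `@settings` at all, which in Hypothesis means the default per-example deadline of 200 ms still applies. Show the risky configuration explicitly, for example `@settings(deadline=None)` on the expensive strategy, and add `@given(...)` to the first test. The Quick Reference table (lines 9-15) and the section headings also use different names (table: "Over-filtered", "Missing edge cases"; sections: "Poor Input Coverage", "Missing Stronger Properties"), and the last three issue sections have no **Detection** line, so a reviewer following the table cannot map every row to a section. In the mutation list, the `return xs` mutant at line 182 is also caught by nothing if the suite only has the length check from line 109, which is worth stating since that is the point of the exercise.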
@@ -0,0 +1,124 @@
|
|
|
1
|
+
# Input Strategy Reference
|
|
2
|
+
|
|
3
|
+
## Python/Hypothesis
|
|
4
|
+
|
|
5
|
+
| Type | Strategy |
|
|
6
|
+
|------|----------|
|
|
7
|
+
| `int` | `st.integers()` |
|
|
8
|
+
| `float` | `st.floats(allow_nan=False)` |
|
|
9
|
+
| `str` | `st.text()` |
|
|
10
|
+
| `bytes` | `st.binary()` |
|
|
11
|
+
| `bool` | `st.booleans()` |
|
|
12
|
+
| `list[T]` | `st.lists(strategy_for_T)` |
|
|
13
|
+
| `dict[K, V]` | `st.dictionaries(key_strategy, value_strategy)` |
|
|
14
|
+
| `set[T]` | `st.frozensets(strategy_for_T)` |
|
|
15
|
+
| `tuple[T, ...]` | `st.tuples(strategy_for_T, ...)` |
|
|
16
|
+
| `Optional[T]` | `st.none() \| strategy_for_T` |
|
|
17
|
+
| `Union[A, B]` | `st.one_of(strategy_a, strategy_b)` |
|
|
18
|
+
| Custom class | `st.builds(ClassName, field1=..., field2=...)` |
|
|
19
|
+
| Enum | `st.sampled_from(EnumClass)` |
|
|
20
|
+
| Constrained int | `st.integers(min_value=0, max_value=100)` |
|
|
21
|
+
| Email | `st.emails()` |
|
|
22
|
+
| UUID | `st.uuids()` |
|
|
23
|
+
| DateTime | `st.datetimes()` |
|
|
24
|
+
| Regex match | `st.from_regex(r"pattern")` |
|
|
25
|
+
|
|
26
|
+
### Composite Strategies
|
|
27
|
+
|
|
28
|
+
For complex types, use `@st.composite`:
|
|
29
|
+
|
|
30
|
+
```python
|
|
31
|
+
@st.composite
|
|
32
|
+
def valid_users(draw):
|
|
33
|
+
name = draw(st.text(min_size=1, max_size=50))
|
|
34
|
+
age = draw(st.integers(min_value=0, max_value=150))
|
|
35
|
+
email = draw(st.emails())
|
|
36
|
+
return User(name=name, age=age, email=email)
|
|
37
|
+
```
|
|
38
|
+
|
|
39
|
+
## JavaScript/fast-check
|
|
40
|
+
|
|
41
|
+
| Type | Strategy |
|
|
42
|
+
|------|----------|
|
|
43
|
+
| number | `fc.integer()` or `fc.float()` |
|
|
44
|
+
| string | `fc.string()` |
|
|
45
|
+
| boolean | `fc.boolean()` |
|
|
46
|
+
| array | `fc.array(itemArb)` |
|
|
47
|
+
| object | `fc.record({...})` |
|
|
48
|
+
| optional | `fc.option(arb)` |
|
|
49
|
+
|
|
50
|
+
### Example
|
|
51
|
+
|
|
52
|
+
```typescript
|
|
53
|
+
const userArb = fc.record({
|
|
54
|
+
name: fc.string({ minLength: 1, maxLength: 50 }),
|
|
55
|
+
age: fc.integer({ min: 0, max: 150 }),
|
|
56
|
+
email: fc.emailAddress(),
|
|
57
|
+
});
|
|
58
|
+
```
|
|
59
|
+
|
|
60
|
+
## Rust/proptest
|
|
61
|
+
|
|
62
|
+
| Type | Strategy |
|
|
63
|
+
|------|----------|
|
|
64
|
+
| i32, u64, etc | `any::<i32>()` |
|
|
65
|
+
| String | `any::<String>()` or `"[a-z]+"` (regex) |
|
|
66
|
+
| Vec<T> | `prop::collection::vec(strategy, size)` |
|
|
67
|
+
| Option<T> | `prop::option::of(strategy)` |
|
|
68
|
+
|
|
69
|
+
### Example
|
|
70
|
+
|
|
71
|
+
```rust
|
|
72
|
+
proptest! {
|
|
73
|
+
#[test]
|
|
74
|
+
fn test_roundtrip(s in "[a-z]{1,20}") {
|
|
75
|
+
let encoded = encode(&s);
|
|
76
|
+
let decoded = decode(&encoded)?;
|
|
77
|
+
prop_assert_eq!(s, decoded);
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
## Go/rapid
|
|
83
|
+
|
|
84
|
+
```go
|
|
85
|
+
rapid.Check(t, func(t *rapid.T) {
|
|
86
|
+
s := rapid.String().Draw(t, "s")
|
|
87
|
+
n := rapid.IntRange(0, 100).Draw(t, "n")
|
|
88
|
+
// test with s and n
|
|
89
|
+
})
|
|
90
|
+
```
|
|
91
|
+
|
|
92
|
+
## Best Practices
|
|
93
|
+
|
|
94
|
+
1. **Constrain early**: Build constraints into strategy, not `assume()`
|
|
95
|
+
```python
|
|
96
|
+
# GOOD
|
|
97
|
+
st.integers(min_value=1, max_value=100)
|
|
98
|
+
|
|
99
|
+
# BAD
|
|
100
|
+
st.integers().filter(lambda x: 1 <= x <= 100)
|
|
101
|
+
```
|
|
102
|
+
|
|
103
|
+
2. **Size limits**: Use `max_size` to prevent slow tests
|
|
104
|
+
```python
|
|
105
|
+
st.lists(st.integers(), max_size=100)
|
|
106
|
+
st.text(max_size=1000)
|
|
107
|
+
```
|
|
108
|
+
|
|
109
|
+
3. **Realistic data**: Make strategies match real-world constraints
|
|
110
|
+
```python
|
|
111
|
+
# Real user ages, not arbitrary integers
|
|
112
|
+
st.integers(min_value=0, max_value=150)
|
|
113
|
+
```
|
|
114
|
+
|
|
115
|
+
4. **Reuse strategies**: Define once, use across tests
|
|
116
|
+
```python
|
|
117
|
+
valid_users = st.builds(User, ...)
|
|
118
|
+
|
|
119
|
+
@given(valid_users)
|
|
120
|
+
def test_one(user): ...
|
|
121
|
+
|
|
122
|
+
@given(valid_users)
|
|
123
|
+
def test_two(user): ...
|
|
124
|
+
```
|
|
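Review bot: Two rows of the Hypothesis table (new-file lines 14 and 15) map a type to a strategy that yields a different type. Line 14 gives `st.frozensets(strategy_for_T)` for `set[T]`, which produces `frozenset` values; `st.sets(strategy_for_T)` is the match. Line 15 gives `st.tuples(strategy_for_T, ...)` for `tuple[T, ...]`, but `st.tuples` builds fixed-length tuples with one strategy per position; a variable-length homogeneous tuple is `st.lists(strategy_for_T).map(tuple)`. Two smaller points: best practice 1 (lines 94-100) warns against `assume()` while its BAD example shows `.filter(...)`, and `valid_users` is a `@st.composite` function at lines 31-32 (which has to be called, `valid_users()`) but a plain strategy object at line 117, so `@given(valid_users)` is only correct for the second definition; use one form or rename one. Best practice 3 ("Realistic data") should also note that it conflicts with the "Poor Input Coverage" issue in reviewing.md when the code under test is a validator or parser that must reject out-of-range input. As with the previous unnamed hunk, there is no file header, so the path cannot be confirmed.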
@@ -0,0 +1,43 @@
|
|
|
1
|
+
# Semgrep Rule Creator
|
|
2
|
+
|
|
3
|
+
Create production-quality Semgrep rules for detecting bug patterns and security vulnerabilities.
|
|
4
|
+
|
|
5
|
+
**Author:** Maciej Domanski
|
|
6
|
+
|
|
7
|
+
## Skills Included
|
|
8
|
+
|
|
9
|
+
| Skill | Purpose |
|
|
10
|
+
|-----------------------|------------------------------------------------------|
|
|
11
|
+
| `semgrep-rule-creator` | Guide creation of custom Semgrep rules with testing |
|
|
12
|
+
|
|
13
|
+
## When to Use
|
|
14
|
+
|
|
15
|
+
Use this skill when you need to:
|
|
16
|
+
- Create custom Semgrep rules for detecting specific bug patterns
|
|
17
|
+
- Write rules for security vulnerability detection
|
|
18
|
+
- Build taint mode rules for data flow analysis
|
|
19
|
+
- Develop pattern matching rules for code quality checks
|
|
20
|
+
|
|
21
|
+
## What It Does
|
|
22
|
+
|
|
23
|
+
- Guides test-driven rule development (write tests first, then iterate)
|
|
24
|
+
- Analyzes AST structure to help craft precise patterns
|
|
25
|
+
- Supports both taint mode (data flow) and pattern matching approaches
|
|
26
|
+
- Includes comprehensive reference documentation from Semgrep docs
|
|
27
|
+
- Provides common vulnerability patterns by language
|
|
28
|
+
|
|
29
|
+
## Prerequisites
|
|
30
|
+
|
|
31
|
+
- [Semgrep](https://semgrep.dev/docs/getting-started/) installed (`pip install semgrep` or `brew install semgrep`)
|
|
32
|
+
|
|
33
|
+
## Installation
|
|
34
|
+
|
|
35
|
+
```
|
|
36
|
+
/plugin install trailofbits/skills/plugins/semgrep-rule-creator
|
|
37
|
+
```
|
|
38
|
+
|
|
39
|
+
## Related Skills
|
|
40
|
+
|
|
41
|
+
- `semgrep-rule-variant-creator` - Port existing Semgrep rules to new target languages
|
|
42
|
+
- `static-analysis` - General static analysis toolkit with Semgrep, CodeQL, and SARIF parsing
|
|
43
|
+
- `variant-analysis` - Find similar vulnerabilities across codebases
|
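Review bot: The Installation block at new-file lines 35-37, `/plugin install trailofbits/skills/plugins/semgrep-rule-creator`, points at a different namespace than the `@elizaos/skills` package this README ships in, so a reader who follows it is directed to another source rather than to the copy under review. If the file is vendored unchanged, say so and name the upstream and the revision it was taken from; otherwise give the install path that applies to this package. The three entries under Related Skills (lines 41-43) should be checked against what this package actually contains, the Prerequisites line (31) offers `pip install semgrep` or `brew install semgrep` with no minimum version for the taint-mode features the README advertises, and the fence at line 35 has no language tag, unlike the `bash` fences used in the other references in this diff.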