testing-handbook-skills
π‘ Summary
A meta-skill that automatically generates Claude Code skills for security testing tools and techniques based on the Trail of Bits Application Security Testing Handbook.
π― Target Audience
π€ AI Roast: βIt's a skill factory that builds skills about building skills, potentially creating an infinite loop of meta-work before any actual security testing gets done.β
The skill may clone the testing handbook from GitHub, introducing a supply chain risk if the repository is compromised. The validation script executes Python code. Mitigation: Use a pinned commit hash for the handbook repository and audit the validation script's dependencies and execution.
Testing Handbook Skills
Meta-skill that generates Claude Code skills from the Trail of Bits Application Security Testing Handbook.
Overview
This plugin provides a skill generator that:
- Analyzes the Testing Handbook structure
- Identifies skill candidates (tools, techniques, domains)
- Generates skills using appropriate templates
- Validates generated skills
Installation
Add to your Claude Code skills configuration:
# From the skills marketplace claude skills install testing-handbook-skills # Or manually add to .claude/settings.json { "plugins": [ "./plugins/testing-handbook-skills" ] }
Usage
Generate All Skills
Generate skills from the testing handbook
This will:
- Locate the handbook (check common locations, ask user, or clone)
- Scan the handbook structure
- Present a plan of skills to generate
- On approval, generate skills as siblings to
testing-handbook-generator/
Generate Specific Skill
Create a skill for the libFuzzer section of the testing handbook
Structure
plugins/testing-handbook-skills/
βββ .claude-plugin/
β βββ plugin.json
βββ scripts/
β βββ validate-skills.py # Skill validation tool
βββ skills/
β βββ testing-handbook-generator/
β β βββ SKILL.md # Main skill entry point
β β βββ discovery.md # Handbook analysis methodology
β β βββ testing.md # Validation strategy
β β βββ agent-prompt.md # Agent prompt template for generation
β β βββ templates/ # Skill generation templates
β β βββ tool-skill.md # Semgrep, CodeQL
β β βββ fuzzer-skill.md # libFuzzer, AFL++, cargo-fuzz
β β βββ technique-skill.md # Harness writing, coverage
β β βββ domain-skill.md # Crypto testing, web security
β βββ [generated-skill]/ # Generated skills (siblings to generator)
β β βββ SKILL.md
β βββ ...
βββ README.md
Scripts
| Script | Purpose |
|--------|---------|
| validate-skills.py | Validates generated skills (YAML, sections, line count, shortcodes, cross-refs) |
# Validate all skills uv run scripts/validate-skills.py # Validate specific skill uv run scripts/validate-skills.py --skill libfuzzer # JSON output for CI uv run scripts/validate-skills.py --json
Skill Types
| Type | Template | Example Sources | |------|----------|-----------------| | Tool | tool-skill.md | Semgrep, CodeQL | | Fuzzer | fuzzer-skill.md | libFuzzer, AFL++, cargo-fuzz | | Technique | technique-skill.md | Harness writing, coverage analysis | | Domain | domain-skill.md | Wycheproof, constant-time testing |
Generated Skills
Generated skills are written as siblings to the generator:
skills/[skill-name]/SKILL.md
Each generated skill:
- Follows the appropriate template structure
- Contains content extracted from the handbook
- Includes resource links (WebFetch summaries for non-videos)
- Is validated with
scripts/validate-skills.pybefore delivery
Skills Cross-Reference
This graph shows the 16 generated skills and their cross-references (from the Related Skills section of each skill). Only links between actually generated skills are shown.
graph TB subgraph Fuzzers libfuzzer[libfuzzer] aflpp[aflpp] libafl[libafl] cargo-fuzz[cargo-fuzz] atheris[atheris] ruzzy[ruzzy] end subgraph Techniques harness-writing[harness-writing] address-sanitizer[address-sanitizer] coverage-analysis[coverage-analysis] fuzzing-dictionary[fuzzing-dictionary] fuzzing-obstacles[fuzzing-obstacles] ossfuzz[ossfuzz] end subgraph Tools semgrep[semgrep] codeql[codeql] end subgraph Domain wycheproof[wycheproof] constant-time-testing[constant-time-testing] end %% Fuzzer β Technique references libfuzzer --> address-sanitizer libfuzzer --> coverage-analysis aflpp --> address-sanitizer cargo-fuzz --> address-sanitizer cargo-fuzz --> coverage-analysis libafl --> address-sanitizer libafl --> coverage-analysis atheris --> address-sanitizer atheris --> coverage-analysis ruzzy --> address-sanitizer %% Fuzzer β Fuzzer alternatives libfuzzer -.-> aflpp libfuzzer -.-> libafl aflpp -.-> libfuzzer aflpp -.-> libafl cargo-fuzz -.-> libfuzzer cargo-fuzz -.-> aflpp cargo-fuzz -.-> libafl libafl -.-> libfuzzer libafl -.-> aflpp libafl -.-> cargo-fuzz ruzzy -.-> libfuzzer ruzzy -.-> aflpp %% Tool β Tool alternatives semgrep -.-> codeql codeql -.-> semgrep %% Technique β Fuzzer references harness-writing --> libfuzzer harness-writing --> aflpp harness-writing --> cargo-fuzz harness-writing --> atheris harness-writing --> ossfuzz fuzzing-dictionary --> libfuzzer fuzzing-dictionary --> aflpp fuzzing-dictionary --> cargo-fuzz fuzzing-obstacles --> libfuzzer fuzzing-obstacles --> aflpp fuzzing-obstacles --> cargo-fuzz ossfuzz --> libfuzzer ossfuzz --> aflpp ossfuzz --> cargo-fuzz ossfuzz --> atheris %% Technique cross-references harness-writing --> address-sanitizer harness-writing --> coverage-analysis harness-writing --> fuzzing-dictionary harness-writing --> fuzzing-obstacles fuzzing-dictionary --> coverage-analysis fuzzing-dictionary --> harness-writing address-sanitizer --> coverage-analysis ossfuzz --> address-sanitizer ossfuzz --> coverage-analysis %% Domain β Technique references wycheproof --> coverage-analysis constant-time-testing --> coverage-analysis
Legend:
- Solid arrows (
β): Primary dependencies (techniques, tools used together) - Dashed arrows (
-.->): Alternative suggestions (similar tools/fuzzers)
Generated Skills Summary:
| Type | Skills | |------|--------| | Fuzzers (6) | libfuzzer, aflpp, libafl, cargo-fuzz, atheris, ruzzy | | Techniques (6) | harness-writing, address-sanitizer, coverage-analysis, fuzzing-dictionary, fuzzing-obstacles, ossfuzz | | Tools (2) | semgrep, codeql | | Domain (2) | wycheproof, constant-time-testing |
Note: Some skills reference planned/external skills not yet generated (e.g., honggfuzz, fuzzing-corpus, sarif-parsing). Run validate-skills.py to see the full list.
Configuration
The skill will automatically:
- Check common locations (
./testing-handbook,../testing-handbook,~/testing-handbook) - Ask the user for the path if not found
- Clone from GitHub as last resort:
https://github.com/trailofbits/testing-handbook
No hardcoded paths are used - the skill adapts to your environment.
Author
PaweΕ PΕatek
License
See repository license.
Pros
- Automates creation of numerous specialized skills from a trusted source.
- Provides a structured, validated generation pipeline with cross-references.
- Reduces manual effort for building a comprehensive security testing skill set.
- Adapts to user environment for handbook location.
Cons
- Generated skill quality depends entirely on the source handbook's content and structure.
- Adds a layer of indirection; users must generate skills before using them.
- Potential for outdated or incomplete skills if handbook is not updated.
- Validation script adds a maintenance and execution step.
Related Skills
prowler
AβIt's a Swiss Army knife for cloud security, but you'll need a PhD in YAML to configure all its moving parts.β
kubernetes-specialist
AβPowerful, but the setup might scare off the impatient.β
differential-review
AβPowerful, but the setup might scare off the impatient.β
Disclaimer: This content is sourced from GitHub open source projects for display and rating purposes only.
Copyright belongs to the original author trailofbits.