Co-Pilot / 辅助式

更新于 a month ago

testing-handbook-skills

Name: testing-handbook-skills
Rating: 4.1 (1828 reviews)
Author: trailofbits

Ttrailofbits

1.8k

trailofbits/skills/plugins/testing-handbook-skills

Agent 评分

💡 摘要

一个元技能，能基于Trail of Bits应用安全测试手册，自动生成用于安全测试工具和技术的Claude Code技能。

🎯 适合人群

安全工程师DevSecOps从业者AI智能体开发者应用安全研究员质量保证工程师

🤖 AI 吐槽: “这是一个关于构建技能的技能工厂，可能在开始任何实际安全测试之前，先创造出一个元工作的无限循环。”

安全分析低风险

该技能可能从GitHub克隆测试手册，如果仓库被入侵则会引入供应链风险。验证脚本会执行Python代码。缓解措施：为手册仓库使用固定的提交哈希，并审计验证脚本的依赖项和执行过程。

Testing Handbook Skills

Meta-skill that generates Claude Code skills from the Trail of Bits Application Security Testing Handbook.

Overview

This plugin provides a skill generator that:

Analyzes the Testing Handbook structure
Identifies skill candidates (tools, techniques, domains)
Generates skills using appropriate templates
Validates generated skills

Installation

Add to your Claude Code skills configuration:

# From the skills marketplace
claude skills install testing-handbook-skills

# Or manually add to .claude/settings.json
{
  "plugins": [
    "./plugins/testing-handbook-skills"
  ]
}

Usage

Generate All Skills

Generate skills from the testing handbook

This will:

Locate the handbook (check common locations, ask user, or clone)
Scan the handbook structure
Present a plan of skills to generate
On approval, generate skills as siblings to testing-handbook-generator/

Generate Specific Skill

Create a skill for the libFuzzer section of the testing handbook

Structure

plugins/testing-handbook-skills/
├── .claude-plugin/
│   └── plugin.json
├── scripts/
│   └── validate-skills.py        # Skill validation tool
├── skills/
│   ├── testing-handbook-generator/
│   │   ├── SKILL.md              # Main skill entry point
│   │   ├── discovery.md          # Handbook analysis methodology
│   │   ├── testing.md            # Validation strategy
│   │   ├── agent-prompt.md       # Agent prompt template for generation
│   │   └── templates/            # Skill generation templates
│   │       ├── tool-skill.md     # Semgrep, CodeQL
│   │       ├── fuzzer-skill.md   # libFuzzer, AFL++, cargo-fuzz
│   │       ├── technique-skill.md # Harness writing, coverage
│   │       └── domain-skill.md   # Crypto testing, web security
│   ├── [generated-skill]/        # Generated skills (siblings to generator)
│   │   └── SKILL.md
│   └── ...
└── README.md

Scripts

| Script | Purpose | |--------|---------| | validate-skills.py | Validates generated skills (YAML, sections, line count, shortcodes, cross-refs) |

# Validate all skills
uv run scripts/validate-skills.py

# Validate specific skill
uv run scripts/validate-skills.py --skill libfuzzer

# JSON output for CI
uv run scripts/validate-skills.py --json

Skill Types

| Type | Template | Example Sources | |------|----------|-----------------| | Tool | tool-skill.md | Semgrep, CodeQL | | Fuzzer | fuzzer-skill.md | libFuzzer, AFL++, cargo-fuzz | | Technique | technique-skill.md | Harness writing, coverage analysis | | Domain | domain-skill.md | Wycheproof, constant-time testing |

Generated Skills

Generated skills are written as siblings to the generator:

skills/[skill-name]/SKILL.md

Each generated skill:

Follows the appropriate template structure
Contains content extracted from the handbook
Includes resource links (WebFetch summaries for non-videos)
Is validated with scripts/validate-skills.py before delivery

Skills Cross-Reference

This graph shows the 16 generated skills and their cross-references (from the Related Skills section of each skill). Only links between actually generated skills are shown.

graph TB
    subgraph Fuzzers
        libfuzzer[libfuzzer]
        aflpp[aflpp]
        libafl[libafl]
        cargo-fuzz[cargo-fuzz]
        atheris[atheris]
        ruzzy[ruzzy]
    end

    subgraph Techniques
        harness-writing[harness-writing]
        address-sanitizer[address-sanitizer]
        coverage-analysis[coverage-analysis]
        fuzzing-dictionary[fuzzing-dictionary]
        fuzzing-obstacles[fuzzing-obstacles]
        ossfuzz[ossfuzz]
    end

    subgraph Tools
        semgrep[semgrep]
        codeql[codeql]
    end

    subgraph Domain
        wycheproof[wycheproof]
        constant-time-testing[constant-time-testing]
    end

    %% Fuzzer → Technique references
    libfuzzer --> address-sanitizer
    libfuzzer --> coverage-analysis
    aflpp --> address-sanitizer
    cargo-fuzz --> address-sanitizer
    cargo-fuzz --> coverage-analysis
    libafl --> address-sanitizer
    libafl --> coverage-analysis
    atheris --> address-sanitizer
    atheris --> coverage-analysis
    ruzzy --> address-sanitizer

    %% Fuzzer ↔ Fuzzer alternatives
    libfuzzer -.-> aflpp
    libfuzzer -.-> libafl
    aflpp -.-> libfuzzer
    aflpp -.-> libafl
    cargo-fuzz -.-> libfuzzer
    cargo-fuzz -.-> aflpp
    cargo-fuzz -.-> libafl
    libafl -.-> libfuzzer
    libafl -.-> aflpp
    libafl -.-> cargo-fuzz
    ruzzy -.-> libfuzzer
    ruzzy -.-> aflpp

    %% Tool ↔ Tool alternatives
    semgrep -.-> codeql
    codeql -.-> semgrep

    %% Technique → Fuzzer references
    harness-writing --> libfuzzer
    harness-writing --> aflpp
    harness-writing --> cargo-fuzz
    harness-writing --> atheris
    harness-writing --> ossfuzz
    fuzzing-dictionary --> libfuzzer
    fuzzing-dictionary --> aflpp
    fuzzing-dictionary --> cargo-fuzz
    fuzzing-obstacles --> libfuzzer
    fuzzing-obstacles --> aflpp
    fuzzing-obstacles --> cargo-fuzz
    ossfuzz --> libfuzzer
    ossfuzz --> aflpp
    ossfuzz --> cargo-fuzz
    ossfuzz --> atheris

    %% Technique cross-references
    harness-writing --> address-sanitizer
    harness-writing --> coverage-analysis
    harness-writing --> fuzzing-dictionary
    harness-writing --> fuzzing-obstacles
    fuzzing-dictionary --> coverage-analysis
    fuzzing-dictionary --> harness-writing
    address-sanitizer --> coverage-analysis
    ossfuzz --> address-sanitizer
    ossfuzz --> coverage-analysis

    %% Domain → Technique references
    wycheproof --> coverage-analysis
    constant-time-testing --> coverage-analysis

Legend:

Solid arrows (→): Primary dependencies (techniques, tools used together)
Dashed arrows (-.->): Alternative suggestions (similar tools/fuzzers)

Generated Skills Summary:

| Type | Skills | |------|--------| | Fuzzers (6) | libfuzzer, aflpp, libafl, cargo-fuzz, atheris, ruzzy | | Techniques (6) | harness-writing, address-sanitizer, coverage-analysis, fuzzing-dictionary, fuzzing-obstacles, ossfuzz | | Tools (2) | semgrep, codeql | | Domain (2) | wycheproof, constant-time-testing |

Note: Some skills reference planned/external skills not yet generated (e.g., honggfuzz, fuzzing-corpus, sarif-parsing). Run validate-skills.py to see the full list.

Configuration

The skill will automatically:

Check common locations (./testing-handbook, ../testing-handbook, ~/testing-handbook)
Ask the user for the path if not found
Clone from GitHub as last resort: https://github.com/trailofbits/testing-handbook

No hardcoded paths are used - the skill adapts to your environment.

Author

Paweł Płatek

License

See repository license.

五维分析

清晰度8/10

创新性9/10

实用性9/10

完整性8/10

可维护性7/10

优缺点分析

优点

基于可信来源，自动化创建大量专业安全测试技能。
提供结构化、带交叉引用且经过验证的生成流程。
减少手动构建全面安全测试技能集的工作量。
能适应用户环境以定位手册位置。

缺点

生成技能的质量完全依赖于源手册的内容和结构。
增加了一层间接性；用户必须先生成技能才能使用。
如果手册未更新，生成的技能可能过时或不完整。
验证脚本增加了维护和执行步骤。