Credit goes to officialskills.sh

testing-handbook-skills

officialsecurity

A meta-skill that reads the Trail of Bits Application Security Testing Handbook and generates Claude Code skills from it.

Setup & Installation

npx skills add https://github.com/trailofbits/skills --skill testing-handbook-skills
or paste the link and ask your coding assistant to install it
https://github.com/trailofbits/skills/tree/main/plugins/testing-handbook-skills

What This Skill Does

A meta-skill that reads the Trail of Bits Application Security Testing Handbook and generates Claude Code skills from it. It covers fuzzers (libFuzzer, AFL++, cargo-fuzz), static analysis tools (Semgrep, CodeQL), techniques like harness writing and coverage analysis, and domain-specific testing for crypto. Generated skills are validated before delivery.

Instead of manually extracting and structuring handbook content into skill files, this generator does the analysis, templating, and cross-referencing automatically across all 16 skill types in one pass.

When to use it

  • Generating a libFuzzer skill directly from the handbook's fuzzing chapter
  • Scaffolding a Semgrep skill with handbook-accurate rule-writing guidance
  • Producing a harness-writing skill that cross-references sanitizer and coverage skills
  • Running validate-skills.py in CI to catch broken cross-references between generated skills
  • Building a full set of 16 coordinated security testing skills from one command