cargo-fuzz

by trailofbits

cargo-fuzz is a Rust/Cargo fuzzing skill for building libFuzzer harnesses, enabling sanitizer-backed runs, and finding crashes in parser, unsafe, and input-handling code. Use this cargo-fuzz guide when you need practical install and usage guidance for security audit and regression testing in Cargo-based projects.

Stars5k

Favorites0

Comments0

AddedMay 7, 2026

CategorySecurity Audit

Install Command

npx skills add trailofbits/skills --skill cargo-fuzz

Curation Score

This skill scores 78/100, which means it is a solid listing candidate for directory users: it is specific enough to trigger correctly and provides real workflow guidance, though it is not deeply supported by supplemental files. Users looking to fuzz Cargo-based Rust projects should have enough clarity to decide on installation and get started with less guesswork than a generic prompt.

78/100

Strengths

Clearly scoped to Cargo-based Rust fuzzing with libFuzzer, making it easy for an agent to trigger on the right task.
Includes practical setup and run steps (`cargo fuzz init`, edit harness, `cargo +nightly fuzz run ...`) that reduce execution ambiguity.
Gives useful decision guidance on when to choose cargo-fuzz versus AFL++ or LibAFL, helping users judge fit before installing.

Cautions

Relies entirely on a single SKILL.md with no supporting scripts, references, or metadata, so adoption depends on the document itself.
Description is very short and the repository provides limited operational constraints or edge-case guidance, which may leave some execution details to user inference.

Rust Cargo Fuzzing Libfuzzer Sanitizers Testing Cli

Overview

Overview of cargo-fuzz skill

cargo-fuzz is the Rust/Cargo fuzzing skill for teams that want a practical way to build libFuzzer-based harnesses, run them with the right compiler flags, and find crashes in application code or unsafe boundaries. It is best for maintainers, security engineers, and Rust developers who need cargo-fuzz for Security Audit work, regression hunting, or pre-release hardening.

The main decision point is fit: if your codebase already uses Cargo and you want a low-friction fuzzing workflow with sanitizer support, cargo-fuzz is usually the shortest path. If you need non-Cargo targets, custom orchestration, or a research-heavy setup, this skill is probably not the best starting point.

What cargo-fuzz is good for

Use cargo-fuzz when you need fast setup, reproducible harnesses, and a standard Rust workflow instead of stitching together libFuzzer by hand. It helps you focus on test inputs and invariants rather than toolchain plumbing.

Where cargo-fuzz fits in security work

For cargo-fuzz for Security Audit, the value is in exposing parsing bugs, panics, memory-safety issues in unsafe code, and logic errors around untrusted input. It is especially useful when you can define a narrow function boundary that accepts bytes and should never crash.

When cargo-fuzz is not the right fit

Skip cargo-fuzz if the target is not Cargo-based, if you need distributed fuzzing infrastructure first, or if your inputs are not easy to reduce to a byte slice and a deterministic harness. In those cases, a generic prompt or another fuzzer may be a better match.

How to Use cargo-fuzz skill

Install and confirm the expected toolchain

Use the cargo-fuzz install path in the skill context, then confirm you have Rust via rustup and access to the nightly toolchain. The important constraint is that cargo-fuzz relies on nightly-only behavior, so a stable-only environment will block you early.

Turn a rough goal into a useful prompt

Give the skill a concrete target, the function or parser boundary, the input shape, and the failure you care about. A strong prompt looks like: “Create a cargo-fuzz harness for mycrate::parse_packet, focus on malformed length fields and panic-free handling, and assume the project already uses serde and bytes.” That is much better than “fuzz my Rust app.”

Read these files first

Start with SKILL.md, then inspect the project’s README.md, Cargo.toml, and the generated fuzz/ directory if it exists. For cargo-fuzz usage, the key files are the harness under fuzz/fuzz_targets/, the fuzz workspace config, and any code paths that define accepted input and error handling.

Use a narrow workflow for better results

Begin with one target function, one harness, and one clear invariant such as “must not panic,” “must reject invalid frames safely,” or “must round-trip valid input.” Then run the fuzzer, inspect the first crash, minimize the reproducer, and only expand to new targets after the first path is stable.

cargo-fuzz skill FAQ

Do I need a Rust project already?

Yes. cargo-fuzz is meant for Cargo-based Rust repositories, so it is not a good fit for projects without a Rust workspace or for code that cannot be called from a Rust harness.

Is cargo-fuzz only for security testing?

No, but security is the most common reason to use it. You can also use cargo-fuzz to harden parsers, validate assumptions, and catch regressions in code that processes untrusted or complex inputs.

How is cargo-fuzz different from a generic prompt?

A generic prompt can describe fuzzing, but cargo-fuzz gives you a concrete Rust workflow: how to set up the harness, where the generated files live, and what toolchain constraints matter. That reduces guesswork when you need something that actually runs.

Is cargo-fuzz beginner-friendly?

Yes, if you already know the Rust code path you want to test. The hardest part is usually not the tooling but choosing a good target function and writing a harness that isolates one behavior at a time.

How to Improve cargo-fuzz skill

Give the skill a better target boundary

The strongest cargo-fuzz results come from a single public API, parser, decoder, or state transition with a clear byte-oriented input. If you hand it a whole application with no boundary, the harness will be noisier and the results harder to reproduce.

Add invariants and failure rules up front

Tell the skill what counts as a bug: panic, hang, out-of-bounds access, invalid state, or unexpected mutation. For cargo-fuzz for Security Audit, this matters because the same input may be a harmless reject or a real issue depending on the contract you define.

Expect iteration after the first run

The first output is usually a starting harness, not the final one. Improve it by trimming unrelated setup, adding corpus seeds that reflect real traffic, and narrowing the target until crashes are meaningful rather than generic parser failures.

Use repository evidence, not assumptions

If the repo already has examples, existing tests, feature flags, or unsafe code hotspots, feed those into the prompt. cargo-fuzz skill output gets better when you point it at the exact files, functions, or error paths that matter instead of asking it to infer everything from the crate name.

Ratings & Reviews

No ratings yet

Share your review

0/10000

Latest reviews

Saving...

more skill

solana-vulnerability-scanner

by trailofbits

solana-vulnerability-scanner is a focused Solana security audit skill for native Rust and Anchor programs. It helps review CPI logic, PDA validation, signer and ownership checks, and sysvar spoofing to catch six critical Solana-specific vulnerabilities before deployment.

Security Audit

Favorites 0GitHub 4.9k

sharp-edges

by trailofbits

The sharp-edges skill helps you find APIs, configs, and interfaces where the easy path leads to insecure use. Use it to review authentication flows, cryptographic wrappers, dangerous defaults, null or zero semantics, and misuse-prone design choices. It is a strong fit for sharp-edges for Security Audit work when you need concrete footguns, not generic security guesses.

Security Audit

Favorites 0GitHub 5k

security-review

by affaan-m

Use the security-review skill to review auth, user input, secrets, APIs, payments, uploads, and other sensitive flows. It provides a practical security-review guide with clear pass/fail checks, risky-pattern examples, and a focused process for catching common issues before release.

Security Audit

Favorites 0GitHub 156.3k

django-security

by affaan-m

django-security is a practical guide for hardening Django apps with authentication, authorization, CSRF, XSS, SQL injection prevention, secure cookies, and production settings. It helps developers and reviewers run a focused Security Audit, quickly spot risky config, and apply concrete fixes before deployment.

Security Audit

Favorites 0GitHub 156.1k

ossfuzz

by trailofbits

Learn the ossfuzz skill for continuous fuzzing setup, project enrollment, harness planning, and build workflow review. This guide helps security engineers and maintainers assess readiness, spot build blockers, and prepare a practical path from source tree to OSS-Fuzz or private fuzzing infrastructure.

Security Audit

Favorites 0GitHub 5k

codeql

by trailofbits

The codeql skill helps you run CodeQL with fewer blind spots during a security audit. It focuses on database quality, suite selection, data extensions, and SARIF review so you can use codeql usage more reliably across supported languages. Use it for repeatable codeql guide steps when analyzing real repositories.

Security Audit

Favorites 0GitHub 5k

semgrep-rule-creator

by trailofbits

semgrep-rule-creator creates production-quality Semgrep rules for security vulnerabilities, bug patterns, taint-flow detections, and coding standards. Use the semgrep-rule-creator skill for Security Audit work when you need precise rules, test cases, and validation instead of a generic draft.

Security Audit

Favorites 0GitHub 5k

insecure-defaults

by trailofbits

The insecure-defaults skill helps spot fail-open configuration patterns that let software run with unsafe settings instead of stopping. Use it for a Security Audit of production code, deployment configs, and secret-handling logic to catch weak auth, hardcoded secrets, and permissive defaults.

Security Audit

Favorites 0GitHub 5k

constant-time-analysis

by trailofbits

constant-time-analysis is a security-audit skill for finding timing side-channel risks in cryptographic code before they become exploitable bugs. Use it to review secret-dependent math, branches, comparisons, and compiled output when checking C, C++, Go, Rust, Swift, Java, Kotlin, PHP, JavaScript, TypeScript, Python, or Ruby.

Security Audit

Favorites 0GitHub 5k

secure-workflow-guide

by trailofbits

secure-workflow-guide guides a 5-step Solidity security workflow: Slither triage, feature-specific checks, visual inspection, security-property notes, and manual review. It is built for smart contract teams, auditors, and builders who want a repeatable secure-workflow-guide guide before deployment or release.

Security Audit

Favorites 0GitHub 4.9k

algorand-vulnerability-scanner

by trailofbits

algorand-vulnerability-scanner is a security-audit skill for Algorand TEAL and PyTeal. It helps find 11 common issues, including rekeying attacks, fee validation gaps, field checks, and access control flaws. Use the algorand-vulnerability-scanner skill for a practical first-pass review before a manual audit.

Security Audit

Favorites 0GitHub 4.9k

supabase-postgres-best-practices

by supabase

supabase-postgres-best-practices is a Supabase Postgres optimization skill for query tuning, indexing, schema design, RLS performance, locking, and connection management.

Database Engineering

Favorites 0GitHub 1.7k

entra-agent-id

by microsoft

entra-agent-id is a Microsoft Entra Agent ID preview skill for backend development teams building OAuth2-capable AI agent identities with Graph beta. It covers blueprint setup, blueprint principals, agent identities, permissions, sponsors, workload identity federation, and sidecar-based auth. Use it to understand entra-agent-id install, usage, and rollout constraints.

Backend Development

Favorites 0GitHub 0

token-integration-analyzer

by trailofbits

token-integration-analyzer is a security-review skill for token implementations and token integrations. It checks ERC20/ERC721 conformity, weird token patterns, owner privileges, scarcity, and non-standard token handling for Security Audit workflows. Use the token-integration-analyzer guide to reduce guesswork and assess compatibility risk.

Security Audit

Favorites 0GitHub 4.9k

cosmos-vulnerability-scanner

by trailofbits

cosmos-vulnerability-scanner finds consensus-critical bugs in Cosmos SDK modules, CosmWasm contracts, IBC integrations, and Cosmos EVM stacks. Use this cosmos-vulnerability-scanner guide for security audit workflows, chain-halt risks, fund-loss paths, and pre-launch reviews.

Security Audit

Favorites 0GitHub 4.9k

ruzzy

by trailofbits

ruzzy is a coverage-guided Ruby fuzzing skill for testing pure Ruby code and Ruby C extensions. Use the ruzzy guide to set up a supported Linux environment, verify sanitizer wiring, and build practical fuzzing workflows for Security Audit work.

Security Audit

Favorites 0GitHub 5k