ossfuzz

by trailofbits

Learn the ossfuzz skill for continuous fuzzing setup, project enrollment, harness planning, and build workflow review. This guide helps security engineers and maintainers assess readiness, spot build blockers, and prepare a practical path from source tree to OSS-Fuzz or private fuzzing infrastructure.

Stars5k

Favorites0

Comments0

AddedMay 7, 2026

CategorySecurity Audit

Install Command

npx skills add trailofbits/skills --skill ossfuzz

Curation Score

This skill scores 84/100, which means it is a solid listing candidate for directory users: it appears genuinely actionable for OSS-Fuzz setup and enrollment, with enough workflow detail to reduce guesswork compared with a generic prompt, though it still lacks some install-oriented packaging signals. The repository gives users a credible reason to install if they need guidance on continuous fuzzing infrastructure, project onboarding, or local OSS-Fuzz harness workflows.

84/100

Strengths

Clear trigger and use case for setting up continuous fuzzing or enrolling projects in OSS-Fuzz.
Substantial workflow content with many headings, code fences, and repo/file references, suggesting operational guidance rather than a stub.
Explains key OSS-Fuzz concepts such as helper.py, project.yaml, Dockerfile, build.sh, and criticality score, which helps agents map tasks to required artifacts.

Cautions

No install command or companion support files are present, so users should expect to work from the SKILL.md guidance rather than a turnkey package.
The description frontmatter is very short, so the repository relies on the body content for context and may take a little longer to orient new users.

Fuzzing Ossfuzz Security Google Docker Cli Testing

Overview

Overview of ossfuzz skill

OSS-Fuzz is a workflow skill for setting up continuous fuzzing with the ossfuzz toolchain and for understanding how projects are enrolled, built, and run in the OSS-Fuzz ecosystem. Use the ossfuzz skill if you need to move from “we should fuzz this” to a working plan for harnesses, build files, and project submission.

Who the ossfuzz skill is for

This skill fits maintainers, security engineers, and build-focused developers who need practical OSS-Fuzz guidance rather than a general fuzzing primer. It is especially useful for people preparing a project for acceptance, reproducing a fuzzing setup locally, or reviewing whether a codebase is a good candidate.

What it helps you do

The real job-to-be-done is to turn a source tree into a fuzzable project with a repeatable build. The ossfuzz guide helps you identify the required files, the local helper workflow, and the constraints that usually block adoption, such as missing build scripts, unclear dependencies, or no usable harness entry points.

Why this skill is different

Unlike a generic prompt about fuzzing, ossfuzz is tied to a specific operating model: project config, containerized builds, helper commands, and OSS-Fuzz submission expectations. That makes it more decision-useful for ossfuzz for Security Audit, where you need to judge readiness, coverage gaps, and whether the project can be maintained after initial setup.

How to Use ossfuzz skill

Install ossfuzz and open the right files

Use the ossfuzz install flow through your skills manager, then start with SKILL.md in plugins/testing-handbook-skills/skills/ossfuzz. Because this skill has no extra scripts or references, the main value is in reading the core markdown carefully and mapping it to your repository before you ask for output.

Give the skill a concrete fuzzing target

Strong ossfuzz usage starts with a specific target, not a vague request. Say what repository, language, build system, and entry point you want fuzzed, and include the parts that matter for buildability: compiler/toolchain, container limits, and whether you need local-only validation or OSS-Fuzz submission prep.

Example input shape:

Project: libpng
Goal: add a parser harness for PNG decode paths
Constraints: Docker build only, no network access, CI-compatible
Output needed: harness plan, project.yaml notes, and likely build blockers

Start from the repository contract

Before prompting, inspect the existing build and test path your project already uses. For ossfuzz, that usually means locating the files that define how the project compiles today, then translating that into a fuzzing build. If the repo already has a custom build script, CI matrix, or container setup, include that in the prompt so the skill can avoid inventing an incompatible workflow.

Use a workflow prompt, not a one-line ask

A good ossfuzz guide prompt should ask for sequence and output shape. For example: “Review this project for OSS-Fuzz readiness, identify the best fuzz target candidates, propose a minimal harness plan, list required build changes, and flag anything likely to fail OSS-Fuzz acceptance.” That framing gives you a usable next step instead of a generic explanation.

ossfuzz skill FAQ

Is ossfuzz only for projects that can join Google OSS-Fuzz?

No. The ossfuzz skill covers both OSS-Fuzz enrollment thinking and the broader pattern of continuous fuzzing. If your project will not be accepted upstream, the same guidance still helps you build a private continuous fuzzing setup.

Is ossfuzz beginner friendly?

It is beginner friendly only if you already know the code path you want to fuzz. The skill is not a substitute for choosing a harness target or understanding the build system, so beginners get better results when they provide a small, concrete scope and ask for readiness checks first.

How is this different from a normal fuzzing prompt?

A normal prompt may describe fuzzing in general terms. The ossfuzz skill is better when you need buildable, repo-specific output: project files, helper-based workflows, and the practical constraints that decide whether the setup will work in CI or in OSS-Fuzz infrastructure.

When should I not use ossfuzz?

Do not use it if you only need a high-level explanation of fuzzing, or if your project has no stable build path and you are not ready to define a harness entry point. In those cases, fix the build and test surface first, then return to ossfuzz for implementation planning.

How to Improve ossfuzz skill

Provide the harness boundary up front

The best results come when you tell the skill exactly which parser, codec, protocol handler, or API surface should be fuzzed. If you leave the boundary vague, the output will drift toward broad recommendations instead of a focused, actionable setup.

Include build and environment constraints

For ossfuzz for Security Audit, the most useful input is not just the target code but the constraints that affect reproducibility: supported OS, Docker availability, dependency restrictions, network access, and whether sanitizer builds are already working. These details let the skill produce a plan that survives real implementation.

Ask for blockers, not just steps

A strong follow-up is: “What will break this OSS-Fuzz setup?” That pushes the skill to surface missing libraries, unsupported language features, flaky tests, or harnesses that depend on global state. Those blockers are often more valuable than the happy-path instructions.

Iterate from one minimal target

Start with one parser or one entry point, then expand only after you have a working build. If the first pass fails, feed the failure output back into the ossfuzz skill and ask for a narrower fix list, a build-file correction, or an alternative harness strategy.

Ratings & Reviews

No ratings yet

Share your review

0/10000

Latest reviews

Saving...

more skill

solana-vulnerability-scanner

by trailofbits

solana-vulnerability-scanner is a focused Solana security audit skill for native Rust and Anchor programs. It helps review CPI logic, PDA validation, signer and ownership checks, and sysvar spoofing to catch six critical Solana-specific vulnerabilities before deployment.

Security Audit

Favorites 0GitHub 4.9k

sharp-edges

by trailofbits

The sharp-edges skill helps you find APIs, configs, and interfaces where the easy path leads to insecure use. Use it to review authentication flows, cryptographic wrappers, dangerous defaults, null or zero semantics, and misuse-prone design choices. It is a strong fit for sharp-edges for Security Audit work when you need concrete footguns, not generic security guesses.

Security Audit

Favorites 0GitHub 5k

security-review

by affaan-m

Use the security-review skill to review auth, user input, secrets, APIs, payments, uploads, and other sensitive flows. It provides a practical security-review guide with clear pass/fail checks, risky-pattern examples, and a focused process for catching common issues before release.

Security Audit

Favorites 0GitHub 156.3k

django-security

by affaan-m

django-security is a practical guide for hardening Django apps with authentication, authorization, CSRF, XSS, SQL injection prevention, secure cookies, and production settings. It helps developers and reviewers run a focused Security Audit, quickly spot risky config, and apply concrete fixes before deployment.

Security Audit

Favorites 0GitHub 156.1k

codeql

by trailofbits

The codeql skill helps you run CodeQL with fewer blind spots during a security audit. It focuses on database quality, suite selection, data extensions, and SARIF review so you can use codeql usage more reliably across supported languages. Use it for repeatable codeql guide steps when analyzing real repositories.

Security Audit

Favorites 0GitHub 5k

semgrep-rule-creator

by trailofbits

semgrep-rule-creator creates production-quality Semgrep rules for security vulnerabilities, bug patterns, taint-flow detections, and coding standards. Use the semgrep-rule-creator skill for Security Audit work when you need precise rules, test cases, and validation instead of a generic draft.

Security Audit

Favorites 0GitHub 5k

insecure-defaults

by trailofbits

The insecure-defaults skill helps spot fail-open configuration patterns that let software run with unsafe settings instead of stopping. Use it for a Security Audit of production code, deployment configs, and secret-handling logic to catch weak auth, hardcoded secrets, and permissive defaults.

Security Audit

Favorites 0GitHub 5k

constant-time-analysis

by trailofbits

constant-time-analysis is a security-audit skill for finding timing side-channel risks in cryptographic code before they become exploitable bugs. Use it to review secret-dependent math, branches, comparisons, and compiled output when checking C, C++, Go, Rust, Swift, Java, Kotlin, PHP, JavaScript, TypeScript, Python, or Ruby.

Security Audit

Favorites 0GitHub 5k

secure-workflow-guide

by trailofbits

secure-workflow-guide guides a 5-step Solidity security workflow: Slither triage, feature-specific checks, visual inspection, security-property notes, and manual review. It is built for smart contract teams, auditors, and builders who want a repeatable secure-workflow-guide guide before deployment or release.

Security Audit

Favorites 0GitHub 4.9k

algorand-vulnerability-scanner

by trailofbits

algorand-vulnerability-scanner is a security-audit skill for Algorand TEAL and PyTeal. It helps find 11 common issues, including rekeying attacks, fee validation gaps, field checks, and access control flaws. Use the algorand-vulnerability-scanner skill for a practical first-pass review before a manual audit.

Security Audit

Favorites 0GitHub 4.9k

supabase-postgres-best-practices

by supabase

supabase-postgres-best-practices is a Supabase Postgres optimization skill for query tuning, indexing, schema design, RLS performance, locking, and connection management.

Database Engineering

Favorites 0GitHub 1.7k

entra-agent-id

by microsoft

entra-agent-id is a Microsoft Entra Agent ID preview skill for backend development teams building OAuth2-capable AI agent identities with Graph beta. It covers blueprint setup, blueprint principals, agent identities, permissions, sponsors, workload identity federation, and sidecar-based auth. Use it to understand entra-agent-id install, usage, and rollout constraints.

Backend Development

Favorites 0GitHub 0

token-integration-analyzer

by trailofbits

token-integration-analyzer is a security-review skill for token implementations and token integrations. It checks ERC20/ERC721 conformity, weird token patterns, owner privileges, scarcity, and non-standard token handling for Security Audit workflows. Use the token-integration-analyzer guide to reduce guesswork and assess compatibility risk.

Security Audit

Favorites 0GitHub 4.9k

cosmos-vulnerability-scanner

by trailofbits

cosmos-vulnerability-scanner finds consensus-critical bugs in Cosmos SDK modules, CosmWasm contracts, IBC integrations, and Cosmos EVM stacks. Use this cosmos-vulnerability-scanner guide for security audit workflows, chain-halt risks, fund-loss paths, and pre-launch reviews.

Security Audit

Favorites 0GitHub 4.9k

ruzzy

by trailofbits

ruzzy is a coverage-guided Ruby fuzzing skill for testing pure Ruby code and Ruby C extensions. Use the ruzzy guide to set up a supported Linux environment, verify sanitizer wiring, and build practical fuzzing workflows for Security Audit work.

Security Audit

Favorites 0GitHub 5k

libfuzzer

by trailofbits

libfuzzer is a coverage-guided fuzzer for C/C++ projects compiled with Clang. This libfuzzer skill helps you install, understand, and use the workflow for harnessing targets, running sanitizers, and starting a practical security audit with minimal setup.

Security Audit

Favorites 0GitHub 5k