Trail of Bits 测试手册技能生成器 - 自动化创建安全测试AI技能工具

testing-handbook-generator by trailofbits/skills

1,100 周安装量

3,900 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/trailofbits/skills --skill testing-handbook-generator

AI/机器学习测试安全

🇨🇳中文介绍

测试手册技能生成器

根据 Trail of Bits 测试手册生成和维护 Claude Code 技能。

使用时机

在以下情况调用此技能：

根据手册内容创建新的安全测试技能
用户提及“测试手册”、“appsec.guide”或询问生成技能相关事宜
需要进行批量技能生成或刷新时

请勿用于：

一般性安全测试问题（请使用已生成的技能）
非手册相关的技能创建

手册位置

此技能需要测试手册仓库。完整详情请参阅 discovery.md。

快速参考： 检查 ./testing-handbook、../testing-handbook、~/testing-handbook → 询问用户 → 最后手段是克隆。

仓库地址： https://github.com/trailofbits/testing-handbook

工作流概览

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

相关 Skills

find-skills 技能搜索工具 - Vercel Labs 开源智能体技能包管理器

733,500 周安装

React 组合模式指南：Vercel 组件架构最佳实践，提升代码可维护性

102,200 周安装

AI Elements：基于shadcn/ui的AI原生应用组件库，快速构建对话界面

50,500 周安装

AI 代码实施计划编写技能 | 自动化开发任务分解与 TDD 流程规划工具

40,200 周安装

    Phase 0: 设置              Phase 1: 发现
    ┌─────────────────┐        ┌─────────────────┐
    │ 定位手册        │   →    │ 分析手册        │
    │ - 查找或克隆    │        │ - 扫描章节      │
    │ - 确认路径      │        │ - 分类类型      │
    └─────────────────┘        └─────────────────┘
             ↓                          ↓
    Phase 3: 生成              Phase 2: 规划
    ┌─────────────────┐        ┌─────────────────┐
    │ 双阶段生成      │   ←    │ 生成计划        │
    │ 阶段1: 内容     │        │ - 新技能        │
    │ 阶段2: 交叉引用 │        │ - 更新          │
    │ - 写入 gen/     │        │ - 呈现给用户    │
    └─────────────────┘        └─────────────────┘
             ↓
    Phase 4: 测试              Phase 5: 收尾
    ┌─────────────────┐        ┌─────────────────┐
    │ 验证技能        │   →    │ 生成后处理      │
    │ - 运行验证器    │        │ - 更新 README   │
    │ - 测试激活      │        │ - 更新交叉引用  │
    │ - 修复问题      │        │ - 自我改进      │
    └─────────────────┘        └─────────────────┘

手册章节	技能类型	模板
`/static-analysis/[工具]/`	工具技能	tool-skill.md
`/fuzzing/[语言]/[模糊测试器]/`	模糊测试器技能	fuzzer-skill.md
`/fuzzing/techniques/`	技术技能	technique-skill.md
`/crypto/[工具]/`	领域技能	domain-skill.md
`/web/[工具]/`	工具技能	tool-skill.md

信号	指示
带有 `bookCollapseSection: true` 的 `_index.md`	主要工具/主题
编号文件（00-、10-、20-）	结构化内容
`techniques/` 子章节	方法论内容
`99-resources.md` 或 `91-resources.md`	包含外部链接

信号	操作
前置元数据中的 `draft: true`	跳过该章节
空目录	跳过该章节
模板/占位符文件	跳过该章节
仅 GUI 工具（例如 `web/burp/`）	跳过该章节（Claude 无法操作 GUI 工具）

    ├─ 需要分析手册并制定计划？
    │  └─ 阅读：discovery.md
    │     （手册分析方法论，计划格式）
    │
    ├─ 生成技能生成代理？
    │  └─ 阅读：agent-prompt.md
    │     （完整提示模板，变量参考，验证清单）
    │
    ├─ 生成特定技能类型？
    │  └─ 阅读相应模板：
    │     ├─ 工具（Semgrep, CodeQL） → templates/tool-skill.md
    │     ├─ 模糊测试器（libFuzzer, AFL++） → templates/fuzzer-skill.md
    │     ├─ 技术（测试工具编写，覆盖率） → templates/technique-skill.md
    │     └─ 领域（加密，Web） → templates/domain-skill.md
    │
    ├─ 验证生成的技能？
    │  └─ 运行：scripts/validate-skills.py
    │     然后阅读：testing.md 进行激活测试
    │
    ├─ 生成后收尾？
    │  └─ 参见：下文“生成后任务”
    │     （更新主 README，更新技能交叉引用，自我改进）
    │
    └─ 从特定章节快速生成？
       └─ 使用上方的快速参考，直接应用模板

    Pass 1 - 并行生成 5 个技能：
    ├─ 代理 1: libfuzzer (模糊测试器) → skills/libfuzzer/SKILL.md
    ├─ 代理 2: aflpp (模糊测试器) → skills/aflpp/SKILL.md
    ├─ 代理 3: semgrep (工具) → skills/semgrep/SKILL.md
    ├─ 代理 4: harness-writing (技术) → skills/harness-writing/SKILL.md
    └─ 代理 5: wycheproof (领域) → skills/wycheproof/SKILL.md

    每个代理使用：pass=1 （仅内容，相关技能留空）

失败类型	检测方式	恢复操作
代理崩溃	无输出报告	使用相同输入重新运行单个代理
验证失败	输出报告显示错误	检查差距/警告，手动修补或重新运行
错误的技能类型	内容与模板不匹配	使用修正后的 `type` 参数重新运行
内容缺失	输出报告列出差距	如果差距较小则接受，或提供额外的 `related_sections`
阶段 2 引用损坏	验证器显示技能缺失	检查技能是否被跳过，更新引用

所有手册章节已分析（阶段 1）
生成前向用户呈现计划（阶段 2）
启动并行代理 - 每个技能一个（阶段 3）
根据技能类型正确应用模板
验证器通过：uv run scripts/validate-skills.py
激活测试通过 - 参见 testing.md
主 README.md 已更新，包含生成的技能表格
README.md 技能交叉引用图已更新
已捕获自我改进说明
已向用户通知并附上摘要

    | 插件 | 描述 | 作者 |
    |--------|-------------|--------|
    | ... 其他插件 ... |
    | [testing-handbook-skills](plugins/testing-handbook-skills/) | 从测试手册生成技能的元技能 | Paweł Płatek |
    | [libfuzzer](plugins/testing-handbook-skills/skills/libfuzzer/) | 使用 libFuzzer 对 C/C++ 进行覆盖率引导的模糊测试 | testing-handbook-generator |
    | [aflpp](plugins/testing-handbook-skills/skills/aflpp/) | 使用 AFL++ 进行多核模糊测试 | testing-handbook-generator |
    | [semgrep](plugins/testing-handbook-skills/skills/semgrep/) | 用于查找错误的快速静态分析 | testing-handbook-generator |

读取每个生成技能的 SKILL.md 并提取其 ## 相关技能 部分
构建按技能类型（模糊测试器、技术、工具、领域）分组的 mermaid 图
根据“相关技能”关系添加边：
- 实线箭头（-->）用于主要技术依赖
- 虚线箭头（-.->）用于替代工具建议
替换 README.md 中现有的 mermaid 代码块

关系	箭头样式	示例
模糊测试器 → 技术	`-->`	`libfuzzer --> harness-writing`
工具 → 工具（替代）	`-.->`	`semgrep -.-> codeql`
模糊测试器 → 模糊测试器（替代）	`-.->`	`libfuzzer -.-> aflpp`
技术 → 技术	`-->`	`harness-writing --> coverage-analysis`

记录生成过程中遇到的问题
识别导致问题的模式
更新相关文件：
- SKILL.md - 工作流、决策树、快速参考更新
- templates/*.md - 模板改进
- discovery.md - 检测逻辑更新
- testing.md - 新的验证检查
在提交消息中记录改进

    用户："从测试手册生成技能"

    1. 定位手册（检查常见位置，询问用户，或克隆）
    2. 阅读 discovery.md 了解方法论
    3. 扫描 {handbook_path}/content/docs/ 处的手册
    4. 构建带类型的候选列表
    5. 向用户呈现计划
    6. 获得批准后，使用适当的模板生成每个技能
    7. 验证生成的技能
    8. 使用生成的技能表格更新主 README.md
    9. 根据“相关技能”部分更新 README.md 技能交叉引用图
    10. 自我改进：记录任何模板/发现问题以供未来运行参考
    11. 报告结果

🇺🇸English

Testing Handbook Skill Generator

Generate and maintain Claude Code skills from the Trail of Bits Testing Handbook.

When to Use

Invoke this skill when:

Creating new security testing skills from handbook content
User mentions "testing handbook", "appsec.guide", or asks about generating skills
Bulk skill generation or refresh is needed

Do NOT use for:

General security testing questions (use the generated skills)
Non-handbook skill creation

Handbook Location

The skill needs the Testing Handbook repository. See discovery.md for full details.

Quick reference: Check ./testing-handbook, ../testing-handbook, ~/testing-handbook → ask user → clone as last resort.

Repository: https://github.com/trailofbits/testing-handbook

Workflow Overview

Phase 0: Setup              Phase 1: Discovery
┌─────────────────┐        ┌─────────────────┐
│ Locate handbook │   →    │ Analyze handbook│
│ - Find or clone │        │ - Scan sections │
│ - Confirm path  │        │ - Classify types│
└─────────────────┘        └─────────────────┘
         ↓                          ↓
Phase 3: Generation        Phase 2: Planning
┌─────────────────┐        ┌─────────────────┐
│ TWO-PASS GEN    │   ←    │ Generate plan   │
│ Pass 1: Content │        │ - New skills    │
│ Pass 2: X-refs  │        │ - Updates       │
│ - Write to gen/ │        │ - Present user  │
└─────────────────┘        └─────────────────┘
         ↓
Phase 4: Testing           Phase 5: Finalize
┌─────────────────┐        ┌─────────────────┐
│ Validate skills │   →    │ Post-generation │
│ - Run validator │        │ - Update README │
│ - Test activation│       │ - Update X-refs │
│ - Fix issues    │        │ - Self-improve  │
└─────────────────┘        └─────────────────┘

Scope Restrictions

ONLY modify these locations:

plugins/testing-handbook-skills/skills/[skill-name]/* - Generated skills (as siblings to testing-handbook-generator)
plugins/testing-handbook-skills/skills/testing-handbook-generator/* - Self-improvement
Repository root README.md - Add generated skills to table

NEVER modify or analyze:

Other plugins (plugins/property-based-testing/, plugins/static-analysis/, etc.)
Other skills outside this plugin

Do not scan or pull into context any skills outside of testing-handbook-skills/. Generate skills based solely on handbook content and resources referenced from it.

Quick Reference

Section → Skill Type Mapping

Handbook Section	Skill Type	Template
`/static-analysis/[tool]/`	Tool Skill	tool-skill.md
`/fuzzing/[lang]/[fuzzer]/`	Fuzzer Skill	fuzzer-skill.md
`/fuzzing/techniques/`	Technique Skill	technique-skill.md
`/crypto/[tool]/`	Domain Skill	domain-skill.md
`/web/[tool]/`	Tool Skill

Skill Candidate Signals

Signal	Indicates
`_index.md` with `bookCollapseSection: true`	Major tool/topic
Numbered files (00-, 10-, 20-)	Structured content
`techniques/` subsection	Methodology content
`99-resources.md` or `91-resources.md`	Has external links

Exclusion Signals

Signal	Action
`draft: true` in frontmatter	Skip section
Empty directory	Skip section
Template/placeholder file	Skip section
GUI-only tool (e.g., `web/burp/`)	Skip section (Claude cannot operate GUI tools)

Decision Tree

Starting skill generation?

├─ Need to analyze handbook and build plan?
│  └─ Read: discovery.md
│     (Handbook analysis methodology, plan format)
│
├─ Spawning skill generation agents?
│  └─ Read: agent-prompt.md
│     (Full prompt template, variable reference, validation checklist)
│
├─ Generating a specific skill type?
│  └─ Read appropriate template:
│     ├─ Tool (Semgrep, CodeQL) → templates/tool-skill.md
│     ├─ Fuzzer (libFuzzer, AFL++) → templates/fuzzer-skill.md
│     ├─ Technique (harness, coverage) → templates/technique-skill.md
│     └─ Domain (crypto, web) → templates/domain-skill.md
│
├─ Validating generated skills?
│  └─ Run: scripts/validate-skills.py
│     Then read: testing.md for activation testing
│
├─ Finalizing after generation?
│  └─ See: Post-Generation Tasks below
│     (Update main README, update Skills Cross-Reference, self-improvement)
│
└─ Quick generation from specific section?
   └─ Use Quick Reference above, apply template directly

Two-Pass Generation (Phase 3)

Generation uses a two-pass approach to solve forward reference problems (skills referencing other skills that don't exist yet).

Pass 1: Content Generation (Parallel)

Generate all skills in parallel without the Related Skills section:

Pass 1 - Generating 5 skills in parallel:
├─ Agent 1: libfuzzer (fuzzer) → skills/libfuzzer/SKILL.md
├─ Agent 2: aflpp (fuzzer) → skills/aflpp/SKILL.md
├─ Agent 3: semgrep (tool) → skills/semgrep/SKILL.md
├─ Agent 4: harness-writing (technique) → skills/harness-writing/SKILL.md
└─ Agent 5: wycheproof (domain) → skills/wycheproof/SKILL.md

Each agent uses: pass=1 (content only, Related Skills left empty)

Pass 1 agents:

Generate all sections EXCEPT Related Skills
Leave a placeholder: ## Related Skills\n\n
Output report includes references: DEFERRED

Pass 2: Cross-Reference Population (Sequential)

After all Pass 1 agents complete, run Pass 2 to populate Related Skills:

Pass 2 - Populating cross-references:
├─ Read all generated skill names from skills/*/SKILL.md
├─ For each skill, determine related skills based on:
│   ├─ related_sections from discovery (handbook structure)
│   ├─ Skill type relationships (fuzzers → techniques)
│   └─ Explicit mentions in content
└─ Update each SKILL.md's Related Skills section

Pass 2 process:

Collect all generated skill names: ls -d skills/*/SKILL.md
For each skill, identify related skills using the mapping from discovery
Edit each SKILL.md to replace the placeholder with actual links
Validate cross-references exist (no broken links)

Agent Prompt Template

See agent-prompt.md for the full prompt template with:

Variable substitution reference (including pass variable)
Pre-write validation checklist
Hugo shortcode conversion rules
Line count splitting rules
Error handling guidance
Output report format

Collecting Results

After Pass 1: Aggregate output reports, verify all skills generated. After Pass 2: Run validator to check cross-references.

Handling Agent Failures

If an agent fails or produces invalid output:

Failure Type	Detection	Recovery Action
Agent crashed	No output report	Re-run single agent with same inputs
Validation failed	Output report shows errors	Check gaps/warnings, manually patch or re-run
Wrong skill type	Content doesn't match template	Re-run with corrected `type` parameter
Missing content	Output report lists gaps	Accept if minor, or provide additional `related_sections`
Pass 2 broken ref	Validator shows missing skill	Check if skill was skipped, update reference

Important: Do NOT re-run the entire parallel batch for a single agent failure. Fix individual failures independently.

Single-Skill Regeneration

To regenerate a single skill without re-running the entire batch:

# Regenerate single skill (Pass 1 - content only)
"Use testing-handbook-generator to regenerate the {skill-name} skill from section {section_path}"

# Example:
"Use testing-handbook-generator to regenerate the libfuzzer skill from section fuzzing/c-cpp/10-libfuzzer"

Regeneration workflow:

Re-read the handbook section for fresh content
Apply the appropriate template
Write to skills/{skill-name}/SKILL.md (overwrites existing)
Re-run Pass 2 for that skill only to update cross-references
Run validator on the single skill: uv run scripts/validate-skills.py --skill {skill-name}

Output Location

Generated skills are written to:

skills/[skill-name]/SKILL.md

Each skill gets its own directory for potential supporting files (as siblings to testing-handbook-generator).

Quality Checklist

Before delivering generated skills:

All handbook sections analyzed (Phase 1)
Plan presented to user before generation (Phase 2)
Parallel agents launched - one per skill (Phase 3)
Templates applied correctly per skill type
Validator passes: uv run scripts/validate-skills.py
Activation testing passed - see testing.md
Main README.md updated with generated skills table
README.md Skills Cross-Reference graph updated
Self-improvement notes captured
User notified with summary

Post-Generation Tasks

1. Update Main README

After generating skills, update the repository's main README.md to list them.

Format: Add generated skills to the same "Available Plugins" table, directly after testing-handbook-skills. Use plain text testing-handbook-generator as the author (no link).

Example:

| Plugin | Description | Author |
|--------|-------------|--------|
| ... other plugins ... |
| [testing-handbook-skills](plugins/testing-handbook-skills/) | Meta-skill that generates skills from the Testing Handbook | Paweł Płatek |
| [libfuzzer](plugins/testing-handbook-skills/skills/libfuzzer/) | Coverage-guided fuzzing with libFuzzer for C/C++ | testing-handbook-generator |
| [aflpp](plugins/testing-handbook-skills/skills/aflpp/) | Multi-core fuzzing with AFL++ | testing-handbook-generator |
| [semgrep](plugins/testing-handbook-skills/skills/semgrep/) | Fast static analysis for finding bugs | testing-handbook-generator |

2. Update Skills Cross-Reference

After generating skills, update the README.md's Skills Cross-Reference section with the mermaid graph showing skill relationships.

Process:

Read each generated skill's SKILL.md and extract its ## Related Skills section
Build the mermaid graph with nodes grouped by skill type (Fuzzers, Techniques, Tools, Domain)
Add edges based on the Related Skills relationships:
- Solid arrows (-->) for primary technique dependencies
- Dashed arrows (-.->) for alternative tool suggestions
Replace the existing mermaid code block in README.md

Edge classification:

Relationship	Arrow Style	Example
Fuzzer → Technique	`-->`	`libfuzzer --> harness-writing`
Tool → Tool (alternative)	`-.->`	`semgrep -.-> codeql`
Fuzzer → Fuzzer (alternative)	`-.->`	`libfuzzer -.-> aflpp`
Technique → Technique

Validation: After updating, run validate-skills.py to verify all referenced skills exist.

3. Self-Improvement

After each generation run, reflect on what could improve future runs.

Capture improvements to:

Templates (missing sections, better structure)
Discovery logic (missed patterns, false positives)
Content extraction (shortcodes not handled, formatting issues)

Update process:

Note issues encountered during generation
Identify patterns that caused problems
Update relevant files:
- SKILL.md - Workflow, decision tree, quick reference updates
- templates/*.md - Template improvements
- discovery.md - Detection logic updates
- testing.md - New validation checks
Document the improvement in commit message

Example self-improvement:

Issue: libFuzzer skill missing sanitizer flags table
Fix: Updated templates/fuzzer-skill.md to include ## Compiler Flags section

Example Usage

Full Discovery and Generation

User: "Generate skills from the testing handbook"

1. Locate handbook (check common locations, ask user, or clone)
2. Read discovery.md for methodology
3. Scan handbook at {handbook_path}/content/docs/
4. Build candidate list with types
5. Present plan to user
6. On approval, generate each skill using appropriate template
7. Validate generated skills
8. Update main README.md with generated skills table
9. Update README.md Skills Cross-Reference graph from Related Skills sections
10. Self-improve: note any template/discovery issues for future runs
11. Report results

Single Section Generation

User: "Create a skill for the libFuzzer section"

1. Read /testing-handbook/content/docs/fuzzing/c-cpp/10-libfuzzer/
2. Identify type: Fuzzer Skill
3. Read templates/fuzzer-skill.md
4. Extract content, apply template
5. Write to skills/libfuzzer/SKILL.md
6. Validate and report

Tips

Do:

Always present plan before generating
Use appropriate template for skill type
Preserve code blocks exactly
Validate after generation

Don't:

Generate without user approval
Skip fetching non-video external resources (use WebFetch)
Fetch video URLs (YouTube, Vimeo - titles only)
Include handbook images directly
Skip validation step
Exceed 500 lines per SKILL.md

For first-time use: Start with discovery.md to understand the handbook analysis process.

For template reference: See templates/ directory for skill type templates.

For validation: See testing.md for quality assurance methodology.

Weekly Installs

1.1K

Repository

trailofbits/skills

GitHub Stars

3.9K

First Seen

Jan 19, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykWarn

Installed on

claude-code1.0K

opencode967

gemini-cli947

codex943

cursor919

github-copilot887

Trail of Bits 测试手册技能生成器 - 自动化创建安全测试AI技能工具

🇨🇳中文介绍

测试手册技能生成器

使用时机

手册位置

工作流概览

相关 Skills

范围限制

快速参考

章节 → 技能类型映射

技能候选信号

排除信号

决策树

双阶段生成（阶段 3）

阶段 1：内容生成（并行）

阶段 2：交叉引用填充（顺序）

代理提示模板

收集结果

处理代理失败

单技能重新生成

输出位置

质量检查清单

生成后任务

1. 更新主 README

2. 更新技能交叉引用

3. 自我改进

使用示例

完整发现和生成

单章节生成

提示