Harness Writing

v1.0.0

Techniques for writing effective fuzzing harnesses across languages. Use when creating new fuzz targets or improving existing harness code.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Benign
high confidence
Purpose & Capability
The name and description match the SKILL.md content: the file contains practical guidance and code examples for creating and improving fuzzing harnesses. There are no extraneous requirements (no binaries, environment variables, or config paths) that don't belong to the stated purpose.
Instruction Scope
The instructions are limited to identifying entry points, writing and validating harnesses, structuring inputs, and iterating on fuzzing metrics. They do not direct the agent to read unrelated files, exfiltrate data, or contact external endpoints. Example code calls target functions (as expected) and recommends monitoring coverage and crashes—appropriate for the topic.
Install Mechanism
There is no install spec and no code files — this is an instruction-only skill, which minimizes filesystem and supply-chain risk.
Credentials
The skill declares no required environment variables, credentials, or config paths. The guidance itself does not reference accessing secrets or unrelated services.
Persistence & Privilege
always is false and the skill does not request any elevated or persistent presence. It does not modify other skills or system-wide configuration.
Assessment
This skill appears coherent and instruction-only, but fuzzing is inherently risky: run fuzzers and harnesses in isolated/test environments (not production) because they trigger crashes, heavy resource use, and can execute buggy code. Review and adapt the example harnesses to avoid undefined behavior (e.g., unvalidated casts, out-of-bounds access), add appropriate timeouts and resource limits, and ensure you do not feed fuzzed inputs into systems that perform destructive actions (database writes, network calls) unless those are sandboxed. If you need automation or tooling beyond the guidance here, expect to install fuzzing tools (libFuzzer, AFL, honggfuzz) separately and vet those packages.

Like a lobster shell, security has layers — review code before you run it.
