pt-fuzzing-binary-protocol
Performs authorized fuzz testing of binary formats and network protocols to uncover parser vulnerabilities, memory safety defects, and denial-of-service conditions. Use when assessing protocol handlers, file parsers, and service robustness against malformed inputs.
91
86%
Does it follow best practices?
Impact
100%
1.08xAverage score across 3 eval scenarios
Passed
No known issues
Quality
Discovery
100%Based on the skill's description, can an agent find and select it at the right time? Clear, specific descriptions lead to better discovery.
This is a well-crafted skill description that excels across all dimensions. It provides specific concrete actions (fuzz testing, uncovering vulnerabilities), includes natural security-domain keywords users would actually use, has an explicit 'Use when...' clause with clear triggers, and occupies a distinct niche that won't conflict with other skills.
| Dimension | Reasoning | Score |
|---|---|---|
Specificity | Lists multiple specific concrete actions: 'fuzz testing of binary formats and network protocols', 'uncover parser vulnerabilities, memory safety defects, and denial-of-service conditions'. These are concrete, technical capabilities. | 3 / 3 |
Completeness | Clearly answers both what (performs fuzz testing to uncover vulnerabilities) AND when ('Use when assessing protocol handlers, file parsers, and service robustness against malformed inputs'). Has explicit 'Use when...' clause with specific triggers. | 3 / 3 |
Trigger Term Quality | Includes natural keywords users would say: 'fuzz testing', 'binary formats', 'network protocols', 'parser vulnerabilities', 'memory safety', 'denial-of-service', 'protocol handlers', 'file parsers', 'malformed inputs'. Good coverage of security testing terminology. | 3 / 3 |
Distinctiveness Conflict Risk | Clear niche in security/fuzz testing domain with distinct triggers like 'fuzz testing', 'binary formats', 'parser vulnerabilities', 'malformed inputs'. Unlikely to conflict with general coding or document skills. | 3 / 3 |
Total | 12 / 12 Passed |
Implementation
72%Reviews the quality of instructions and guidance provided to agents. Good implementation is clear, handles edge cases, and produces reliable results.
This skill provides a well-structured, concise framework for binary/protocol fuzzing with appropriate safety warnings and a useful output template. However, it lacks concrete executable examples (specific fuzzer commands, harness code snippets) and explicit validation checkpoints that would make it immediately actionable for complex fuzzing campaigns.
Suggestions
Add concrete tool examples: include specific AFL++/libFuzzer command lines for common scenarios (e.g., `afl-fuzz -i corpus/ -o findings/ -- ./target @@`)
Add a harness code example showing a minimal fuzzing harness structure for a file parser or network protocol handler
Insert explicit validation checkpoints in the workflow, such as 'Verify harness catches known-bad input before full campaign' and 'Confirm crash reproduces 3x before triaging'
| Dimension | Reasoning | Score |
|---|---|---|
Conciseness | The content is lean and efficient, avoiding explanations of what fuzzing is or how sanitizers work. Every section serves a purpose without padding or unnecessary context that Claude would already know. | 3 / 3 |
Actionability | The workflow provides clear steps but lacks concrete executable commands or code examples. Instructions like 'Configure sanitizers/debug symbols' and 'Run controlled fuzzing campaign' are directional rather than copy-paste ready with specific tool invocations (e.g., AFL++, libFuzzer commands). | 2 / 3 |
Workflow Clarity | The 5-step workflow is logically sequenced, but lacks explicit validation checkpoints and feedback loops. For destructive operations like fuzzing, there should be explicit 'verify harness works before full campaign' and 'confirm crash reproducibility before triaging' checkpoints. | 2 / 3 |
Progressive Disclosure | For a skill of this size (~60 lines), the structure is appropriate with clear sections. The output template is well-placed inline, and there's no need for external file references given the scope. | 3 / 3 |
Total | 10 / 12 Passed |
Validation
100%Checks the skill against the spec for correct structure and formatting. All validation checks must pass before discovery and implementation can be scored.
Validation — 11 / 11 Passed
Validation for skill structure
No warnings or errors.
- Repository
- santosomar/ethical-hacking-agent-skills
- Commit
a8ff73a
- Reviewed
Table of Contents
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.