ruzzy skill

safe

This skill helps you discover Rust vulnerabilities using Ruzzy fuzzing to automate vulnerability discovery and improve security.

npx playbooks add skill plurigrid/asi --skill ruzzy

Review the files below or copy the command above to add this skill to your agents.

Files (1)

SKILL.md

1.2 KB

---
name: ruzzy
description: Rust fuzzing with Ruzzy for automated vulnerability discovery.
category: testing-handbook-skills
author: Trail of Bits
source: trailofbits/skills
license: AGPL-3.0
trit: -1
trit_label: MINUS
verified: true
featured: false
---

# Ruzzy Skill

**Trit**: -1 (MINUS)
**Category**: testing-handbook-skills
**Author**: Trail of Bits
**Source**: trailofbits/skills
**License**: AGPL-3.0

## Description

Rust fuzzing with Ruzzy for automated vulnerability discovery.

## When to Use

This is a Trail of Bits security skill. Refer to the original repository for detailed usage guidelines and examples.

See: https://github.com/trailofbits/skills

## Related Skills

- audit-context-building
- codeql
- semgrep
- variant-analysis


## SDF Interleaving

This skill connects to **Software Design for Flexibility** (Hanson & Sussman, 2021):

### Primary Chapter: 8. Degeneracy

**Concepts**: redundancy, fallback, multiple strategies, robustness

### GF(3) Balanced Triad

```
ruzzy (+) + SDF.Ch8 (−) + [balancer] (○) = 0
```

**Skill Trit**: 1 (PLUS - generation)


### Connection Pattern

Degeneracy provides fallbacks. This skill offers redundant strategies.

Overview

This skill integrates Ruzzy-powered Rust fuzzing for automated vulnerability discovery in Rust projects. It helps find logic errors, memory-safety issues, and crash-inducing inputs by driving corpus-guided fuzz campaigns. The skill is focused on practical security testing workflows that scale across crates and CI pipelines.

How this skill works

The skill sets up Ruzzy fuzz targets and runs instrumentation-guided fuzzing to explore program paths and generate inputs that trigger crashes or undefined behavior. It automates corpus management, seed selection, and minimization of failing inputs so results are actionable. Outputs include crash artifacts, minimized testcases, and coverage metrics to prioritize follow-up triage.

When to use it

During security testing of Rust libraries, binaries, and FFI boundaries.
When you need automated discovery of crashes, panics, or logic violations.
Before releases to reduce risk from regressions and undiscovered bugs.
As part of CI to continuously fuzz changed code paths.
When triaging hard-to-reproduce crashes to generate deterministic reproducer inputs.

Best practices

Create focused fuzz targets that exercise one API surface or entry point at a time.
Provide diverse, realistic seeds to guide the fuzzer toward meaningful behaviors.
Run both short local campaigns and longer cloud/CI campaigns for depth and breadth.
Instrument and enable coverage reporting to prioritize high-impact findings.
Minimize and de-duplicate crashes immediately to reduce analyst workload.

Example use cases

Fuzzing a JSON parser crate to uncover panic-inducing inputs and logic flaws.
Testing FFI boundary code interacting with C libraries to find memory-unsafe cases.
Automating nightly fuzz campaigns in CI and surfacing new crashes as issues.
Generating small reproducer files for security reports or CVE triage.
Comparing coverage before and after a refactor to ensure no reduction in exercised paths.

FAQ

Do I need special build flags to use Ruzzy?

Yes. Build the Rust targets with instrumentation enabled (for example, use cargo features or RUSTFLAGS that enable coverage/instrumentation) so the fuzzer can collect execution feedback.

How do I keep fuzzing cost manageable in CI?

Run short, targeted fuzz campaigns on each PR and schedule longer, more exhaustive runs off-peak or in dedicated fuzzing jobs with longer time budgets.