Libafl
Stand up LibAFL-based fuzzing on native code so your agent can find crashes and memory bugs before you ship binaries or parsers.
Overview
LibAFL is an agent skill most often used in Ship (also Build integrations, Operate iterate) that helps solo builders configure and run LibAFL coverage-guided fuzzing on native code.
Install
npx skills add https://github.com/trailofbits/skills --skill libaflWhat is this skill?
- Guides LibAFL harness design and target instrumentation for native Rust/C/C++ codebases
- Aligns with Trail of Bits security-engineering workflows for coverage-guided fuzzing campaigns
- Supports iterative corpus growth and crash triage before production deploy
- Bridges Build-time native modules with Ship-phase security validation
Adoption & trust: 2.9k installs on skills.sh; 5.6k GitHub stars; 1/3 security scanners passed (skills.sh audits).
What problem does it solve?
You are shipping native code with hand-written parsers or binary formats but only rely on unit tests, so memory-safety bugs may still lurk in unexercised paths.
Who is it for?
Indie builders with Rust or FFI-heavy native modules who want agent-guided LibAFL setup without hiring a full-time fuzzing specialist.
Skip if: Pure web-only TypeScript apps with no native attack surface, or teams that only need mocked API tests with no binary parsers.
When should I use this skill?
You need agent-guided LibAFL fuzzing setup, harness design, or campaign triage on native code before or after release.
What do I get? / Deliverables
After the skill runs, you have a concrete LibAFL-oriented fuzz plan—harness boundaries, campaign steps, and triage workflow—so crashes become actionable fixes before users hit them.
- LibAFL-oriented harness and campaign checklist
- Crash reproduction notes and suggested fixes
- CI-friendly fuzz job sketch
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Canonical shelf is Ship because fuzz campaigns are the last hardening pass before release, even though harness work often starts during Build. Security subphase fits offensive assurance work—coverage-guided fuzzing to surface exploitable defects, not routine unit tests.
Where it fits
Wire a minimal LibAFL harness around a new protobuf decoder while the feature is still in development.
Run an extended fuzz campaign and bucket crashes by severity before tagging a release.
Replay the last good corpus after a customer reports a malformed file crash.
How it compares
Use for systematic coverage-guided fuzzing with LibAFL, not instead of lightweight cargo-fuzz smoke runs when you only need a five-minute sanity check.
Common Questions / FAQ
Who is libafl for?
Solo and indie builders shipping native libraries, parsers, or security-sensitive binaries who want their Claude Code, Cursor, or Codex agent to follow LibAFL fuzzing patterns from Trail of Bits.
When should I use libafl?
Use it during Build when scaffolding a fuzz harness around a new decoder, again in Ship before release to run campaigns and triage crashes, and in Operate when regressions appear after format changes.
Is libafl safe to install?
Review the Security Audits panel on this Prism page and the Trail of Bits skills.sh listing before enabling shell and filesystem access in your agent; fuzzing intentionally executes untrusted inputs on your machine.
SKILL.md
READMESKILL.md - Libafl
interface: icon_small: "assets/trail-of-bits-mark.svg" icon_large: "assets/trail-of-bits-mark.svg" brand_color: "#D83A34" <svg xmlns="http://www.w3.org/2000/svg" width="94" height="56" fill="none" viewBox="0 0 94 56"><path fill="#F0F4F7" d="m34.04 54.662-7.61-4.147L24.593 56l9.433-1.335c-.029 0-.043 0 .014-.003"/><path fill="#F0F4F7" d="m34.039 54.662-.014.003c.035 0 .096-.003.014-.003m26.191-2.67 6.124-1.804 2.301-7.26-5.655.387zM74.805 5.478l-4.68-3.035-2.62 8.332 5.15 1.548zM43.224 3.532s3.172.973 4.423 1.328l4.508 1.335L52.234 0l-7.928 1.576zm-31.473 23.14 5.566.014 1.982-6.216-5.06-1.342c-.538 1.708-1.94 5.837-2.488 7.544M1.394 20.896l4.164 4.338 2.398-7.696-5.11-1.357zm88.205 24.841c-.086-2.18-.692-2.894-1.978-4.232l-6.71.447c1.871 1.175 3.018 2.63 3.255 4.583.261 2.145-2.068 4.623-4.322 4.623-1.258 0-1.885-.987-1.885-2.12.035-.845.333-1.942.777-2.673h-5.691c-.444 1.136-.813 2.418-.813 3.625 0 4.136 3.659 5.197 7.131 5.197 3.62 0 6.616-.696 8.501-4.03.85-1.505 1.806-3.663 1.735-5.42M18.804.56 1.362.576 0 4.86l6.394-.007-3.161 9.962 5.114 1.356 3.551-11.322 5.544-.007z"/><path fill="#F0F4F7" d="M20.707 15.898c.628-.04 1.258-.04 1.886-.04 1.035-.003 2.587.072 2.587 1.499.004.987-.366 2.233-.66 3.184-.551 1.942-1.214 3.88-1.325 5.858l5.727-.007c-.151-3.185 1.842-5.968 1.838-9.117 0-2.123-1.627-2.964-3.512-3.294l.552-.075c4.103-.554 6.39-3.738 6.386-7.729-.004-4.423-3.738-5.666-7.544-5.662l-6.576.007c-1.87 5.751-3.645 11.534-5.462 17.31l5.057 1.339zM24.245 4.58l1.849-.004c1.369 0 2.734.327 2.738 1.939.003 1.977-1.437 5.31-3.803 5.31l-3.031.004zm11.959 21.883 2.949-5.531 7.06-.008-.215 5.564 5.544-.004.441-18.94-4.763-1.43a89 89 0 0 0-.677 10.71h-.036l-5.322.004c1.914-3.586 3.749-7.2 5.4-10.906L42.77 4.775 30.437 26.466zm39.249-.036 1.402-4.214-7.43.01 2.753-8.612-5.15-1.548-4.584 14.375zm-34.411 1.658h-7.28l-6.834 21.18 8.698 4.694c5.208-.196 8.856-4.012 8.856-9.252 0-2.013-1.258-3.586-3.215-4.136 3.846-.877 6.319-3.33 6.319-7.356-.004-3.923-3.072-5.13-6.544-5.13m-2.993 20.318c-1.036 1.537-2.143 1.647-3.881 1.647h-2.254l2.476-7.611c1.81.07 5.024-.366 5.024 2.268 0 1.168-.698 2.744-1.365 3.696m-.444-9.667h-2.072l2.18-6.7c1.626.075 4.694-.436 4.694 2.053.04 2.928-1.846 4.647-4.802 4.647M58.67 9.582l-5.522 18.29-4.878 14.836 5.856-.447 4.23-13.2h.006l5.713-17.878c-.796-.22-3.964-1.228-5.404-1.601m2.738 18.542-1.37 4.278h6.398l-2.993 9.525 5.584-.38 2.913-9.145h5.541l1.37-4.278zm25.351-.259c-5.726 0-9.127 3.951-9.127 9.444.007.798.727 2.765 2.2 3.422l6.888-.462c-1.172-.98-3.243-3.29-3.243-4.519 0-1.686.95-3.891 2.91-3.891 1.33 0 2.143.366 2.143 1.793 0 .916-.444 1.757-.702 2.638h5.322c.333-.77.849-2.528.849-3.334.004-3.994-3.913-5.09-7.24-5.09m-63.15.372c-2.605 0-2.978 1.906-3.623 3.93-.215.728-.623 1.615-.623 2.379 0 1.47 1.315 1.75 2.537 1.75 1.494.01 2.29-.487 2.82-1.878.362-.952 1.305-3.568 1.305-4.488 0-1.303-1.326-1.693-2.416-1.693m.728 1.87c0 .328-.373 1.392-.498 1.765l-.577 1.782c-.226.675-.498 1.449-1.359 1.449-.487 0-.802-.28-.802-.785 0-.653.509-1.864.724-2.538.215-.671.498-2.01 1.247-2.269.168-.056.351-.078.534-.078.34 0 .749.302.749.664zm5.902 2.674.394-1.292H28.37l.613-1.928h2.38l.42-1.292h-4.126l-2.48 7.924h1.735l1.075-3.412z"/></svg> --- name: libafl type: fuzzer description: > LibAFL is a modular fuzzing library for building custom fuzzers. Use for advanced fuzzing needs, custom mutators, or non-standard fuzzing targets. --- # LibAFL LibAFL is a modular fuzzing library that implements features from AFL-based fuzzers like AFL++. Unlike traditional fuzzers, LibAFL provides all functionality in a modular and customizable way as a Rust library. It can be used as a drop-in replacement for libFuzzer or as a library to build custom fuzzers from scratch. ## When to Use | Fuzzer | Best For | Complexity | |--------|----------|------------| | libFuzzer | Quick setup, single-threaded | Low | | AFL++ | Multi-core, general purpose | Medium | | LibAFL | Custom fuzzers, advanced features, research | High | **