move-smith-fuzzer

Move Smith Fuzzer Skill

16 stars

Best use case

move-smith-fuzzer is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Move Smith Fuzzer Skill

Teams using move-smith-fuzzer should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/move-smith-fuzzer/SKILL.md --create-dirs "https://raw.githubusercontent.com/plurigrid/asi/main/plugins/asi/skills/move-smith-fuzzer/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/move-smith-fuzzer/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How move-smith-fuzzer Compares

Feature / Agentmove-smith-fuzzerStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Move Smith Fuzzer Skill

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# move-smith-fuzzer Skill


> *"Find bugs before they find your users. Fuzzing as validation."*

## Overview

**Move Smith Fuzzer** implements property-based testing and fuzzing for Move smart contracts. Uses MoveSmith's differential testing against multiple Move VMs to find consensus-breaking bugs.

## GF(3) Role

| Aspect | Value |
|--------|-------|
| Trit | -1 (MINUS) |
| Role | VALIDATOR |
| Function | Validates Move contracts via fuzz testing |

## Architecture

```
┌─────────────────────────────────────────────────────────────────┐
│                    MOVE SMITH FUZZER                            │
├─────────────────────────────────────────────────────────────────┤
│                                                                 │
│  Contract Source    Generator      Fuzzer         Report       │
│  (+1 GEN)          (0 COORD)      (-1 VAL)        (output)     │
│      │                 │              │               │        │
│      ▼                 ▼              ▼               ▼        │
│  ┌───────┐        ┌────────┐    ┌──────────┐   ┌─────────┐    │
│  │ Parse │───────►│Generate│───►│ Execute  │──►│ Report  │    │
│  │ AST   │        │ Inputs │    │ & Compare│   │ Bugs    │    │
│  └───────┘        └────────┘    └──────────┘   └─────────┘    │
│                                      │                         │
│                                      ▼                         │
│                              ┌──────────────┐                  │
│                              │ Differential │                  │
│                              │   Testing    │                  │
│                              └──────────────┘                  │
│                                      │                         │
│                         ┌────────────┼────────────┐            │
│                         ▼            ▼            ▼            │
│                    Move VM 1    Move VM 2    Move VM 3        │
│                                                                │
└─────────────────────────────────────────────────────────────────┘
```

## MoveSmith Integration

```python
class MoveSmithFuzzer:
    """
    MoveSmith-based differential fuzzer for Move.

    Reference: "MoveSmith: Compiler Bug Isolation via Compilation
    Result Consistency Checking for Move"
    """

    TRIT = -1  # VALIDATOR role

    def __init__(self, vms: list[MoveVM]):
        self.vms = vms  # Multiple VMs for differential testing
        self.mutator = MoveMutator()
        self.oracle = DifferentialOracle()

    def fuzz(self, contract: str, iterations: int = 10000) -> list:
        """
        Fuzz a Move contract for bugs.

        Strategy:
        1. Generate random valid Move programs
        2. Execute on all VMs
        3. Compare results (differential testing)
        4. Report discrepancies
        """
        bugs = []

        for i in range(iterations):
            # Generate or mutate
            if random.random() < 0.3:
                program = self.generate_random_program()
            else:
                program = self.mutator.mutate(contract)

            # Execute on all VMs
            results = {}
            for vm in self.vms:
                try:
                    results[vm.name] = vm.execute(program)
                except Exception as e:
                    results[vm.name] = ('error', str(e))

            # Differential testing
            if not self.oracle.consistent(results):
                bugs.append({
                    'program': program,
                    'results': results,
                    'type': 'differential',
                    'iteration': i
                })

        return bugs


class MoveMutator:
    """Mutates Move programs to find edge cases."""

    def mutate(self, program: str) -> str:
        """Apply random mutations."""
        mutations = [
            self.mutate_integers,
            self.mutate_addresses,
            self.mutate_vectors,
            self.mutate_structs,
            self.swap_operations,
        ]

        mutated = program
        for _ in range(random.randint(1, 5)):
            mutation = random.choice(mutations)
            mutated = mutation(mutated)

        return mutated

    def mutate_integers(self, program: str) -> str:
        """Replace integers with edge cases."""
        edges = [0, 1, 255, 256, 2**64-1, 2**128-1]
        # Find and replace integer literals
        return re.sub(r'\b(\d+)\b',
                     lambda m: str(random.choice(edges)),
                     program)
```

## Prover-Fuzzer Synergy

```python
class ProverFuzzerHybrid:
    """
    Combine Move Prover with fuzzing.

    Prover: Proves properties hold for ALL inputs
    Fuzzer: Finds counterexamples for SOME inputs

    Together: Maximum coverage
    """

    def verify_contract(self, contract: str) -> dict:
        # First: Prover for formal guarantees
        prover_result = move_prover.verify(contract)

        # Second: Fuzzer for edge cases prover missed
        fuzzer_bugs = self.fuzzer.fuzz(contract)

        return {
            'proven_properties': prover_result.properties,
            'fuzzer_bugs': fuzzer_bugs,
            'confidence': self.compute_confidence(prover_result, fuzzer_bugs)
        }
```

## Property-Based Testing

```move
#[test]
fun test_gf3_conservation() {
    let seed = 0x42D;
    let mut prng = movemate_random::new(seed);

    for i in 0..1000 {
        // Generate random triads
        let trit1 = random_trit(&mut prng);
        let trit2 = random_trit(&mut prng);
        let trit3 = (3 - trit1 - trit2) % 3;  // Force conservation

        // Property: sum must be 0 mod 3
        let sum = (trit1 + trit2 + trit3) % 3;
        assert!(sum == 0, 0);
    }
}

fun random_trit(prng: &mut PRNG): u8 {
    movemate_random::next_u8(prng) % 3
}
```

## Differential Testing VMs

| VM | Purpose | Speed |
|----|---------|-------|
| Aptos Move VM | Production reference | Medium |
| Move VM (reference) | Original implementation | Slow |
| Revela decompiler | Bytecode analysis | Fast |
| MoveSmith interpreter | Fuzzing-optimized | Fast |

## GF(3) Triads

```
move-smith-fuzzer (-1) ⊗ move-narya-bridge (0) ⊗ aptos-gf3-society (+1) = 0 ✓
move-smith-fuzzer (-1) ⊗ datalog-fixpoint (0) ⊗ discopy (+1) = 0 ✓
move-smith-fuzzer (-1) ⊗ interaction-nets (0) ⊗ gay-mcp (+1) = 0 ✓
```

## Commands

```bash
# Fuzz a Move module
just move-fuzz sources/gf3.move --iterations 10000

# Differential testing across VMs
just move-diff sources/gf3.move --vms aptos,reference

# Property-based test with random seeds
just move-proptest sources/ --seed 0x42D

# Generate coverage report
just move-fuzz-coverage sources/ --output coverage.html
```

---

**Skill Name**: move-smith-fuzzer
**Type**: Fuzzing / Property-Based Testing
**Trit**: -1 (MINUS - VALIDATOR)
**GF(3)**: Validates Move contracts through differential testing


## Scientific Skill Interleaving

This skill connects to the K-Dense-AI/claude-scientific-skills ecosystem:

### Graph Theory
- **networkx** [○] via bicomodule
  - Universal graph hub

### Bibliography References

- `general`: 734 citations in bib.duckdb

## Cat# Integration

This skill maps to Cat# = Comod(P) as a bicomodule in the Prof home:

```
Trit: 0 (ERGODIC)
Home: Prof (profunctors/bimodules)
Poly Op: ⊗ (parallel composition)
Kan Role: Adj (adjunction bridge)
```

### GF(3) Naturality

The skill participates in triads where:
```
(-1) + (0) + (+1) ≡ 0 (mod 3)
```

This ensures compositional coherence in the Cat# equipment structure.

Related Skills

performing-lateral-movement-with-wmiexec

16
from plurigrid/asi

Perform lateral movement across Windows networks using WMI-based remote execution techniques including Impacket wmiexec.py, CrackMapExec, and native WMI commands for stealthy post-exploitation during red team engagements.

performing-lateral-movement-detection

16
from plurigrid/asi

Detects lateral movement techniques including Pass-the-Hash, PsExec, WMI execution, RDP pivoting, and SMB-based spreading using SIEM correlation of Windows event logs, network flow data, and endpoint telemetry mapped to MITRE ATT&CK Lateral Movement (TA0008) techniques.

libfuzzer

16
from plurigrid/asi

Fuzzing with libFuzzer for finding vulnerabilities in code.

hunting-for-lateral-movement-via-wmi

16
from plurigrid/asi

Detect WMI-based lateral movement by analyzing Windows Event ID 4688 process creation and Sysmon Event ID 1 for WmiPrvSE.exe child process patterns, remote process execution, and WMI event subscription persistence.

hunting-for-dcom-lateral-movement

16
from plurigrid/asi

Hunt for DCOM-based lateral movement by detecting abuse of MMC20.Application, ShellBrowserWindow, and ShellWindows COM objects through Sysmon Event ID 1 (process creation) and Event ID 3 (network connection) correlation, WMI event analysis, RPC endpoint mapper traffic on port 135, and DCOM-specific parent-child process relationships.

detecting-lateral-movement-with-zeek

16
from plurigrid/asi

Detect lateral movement in network traffic using Zeek (formerly Bro) log analysis. Parses conn.log, smb_mapping.log, smb_files.log, dce_rpc.log, kerberos.log, and ntlm.log to identify SMB file transfers, NTLM account spray activity, remote service execution, and anomalous internal connections.

detecting-lateral-movement-with-splunk

16
from plurigrid/asi

Detect adversary lateral movement across networks using Splunk SPL queries against Windows authentication logs, SMB traffic, and remote service abuse.

detecting-lateral-movement-in-network

16
from plurigrid/asi

Identifies lateral movement techniques in enterprise networks by analyzing authentication logs, network flows, SMB traffic, and RDP sessions using Zeek, Velociraptor, and SIEM correlation rules to detect attackers moving between systems.

detecting-azure-lateral-movement

16
from plurigrid/asi

Detect lateral movement in Azure AD/Entra ID environments using Microsoft Graph API audit logs, Azure Sentinel KQL hunting queries, and sign-in anomaly correlation to identify privilege escalation, token theft, and cross-tenant pivoting.

jepsen-testing

16
from plurigrid/asi

Jepsen-style correctness testing for distributed systems under faults (partitions, crashes, clock skew) using concurrent operation histories and formal checkers (linearizability/serializability and Elle-style anomalies). Use when designing, implementing, or running Jepsen tests, or interpreting histories/violations.

Deterministic Color Generation via Metadata Hashing

16
from plurigrid/asi

**Status**: ✅ Production Ready

cyton-dongle

16
from plurigrid/asi

Connect and stream from OpenBCI Cyton/Daisy via USB dongle, including first-time radio channel pairing