Best use case
move-smith-fuzzer is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Move Smith Fuzzer Skill
Teams using move-smith-fuzzer should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/move-smith-fuzzer/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How move-smith-fuzzer Compares
| Feature / Agent | move-smith-fuzzer | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Move Smith Fuzzer Skill
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# move-smith-fuzzer Skill
> *"Find bugs before they find your users. Fuzzing as validation."*
## Overview
**Move Smith Fuzzer** implements property-based testing and fuzzing for Move smart contracts. Uses MoveSmith's differential testing against multiple Move VMs to find consensus-breaking bugs.
## GF(3) Role
| Aspect | Value |
|--------|-------|
| Trit | -1 (MINUS) |
| Role | VALIDATOR |
| Function | Validates Move contracts via fuzz testing |
## Architecture
```
┌─────────────────────────────────────────────────────────────────┐
│ MOVE SMITH FUZZER │
├─────────────────────────────────────────────────────────────────┤
│ │
│ Contract Source Generator Fuzzer Report │
│ (+1 GEN) (0 COORD) (-1 VAL) (output) │
│ │ │ │ │ │
│ ▼ ▼ ▼ ▼ │
│ ┌───────┐ ┌────────┐ ┌──────────┐ ┌─────────┐ │
│ │ Parse │───────►│Generate│───►│ Execute │──►│ Report │ │
│ │ AST │ │ Inputs │ │ & Compare│ │ Bugs │ │
│ └───────┘ └────────┘ └──────────┘ └─────────┘ │
│ │ │
│ ▼ │
│ ┌──────────────┐ │
│ │ Differential │ │
│ │ Testing │ │
│ └──────────────┘ │
│ │ │
│ ┌────────────┼────────────┐ │
│ ▼ ▼ ▼ │
│ Move VM 1 Move VM 2 Move VM 3 │
│ │
└─────────────────────────────────────────────────────────────────┘
```
## MoveSmith Integration
```python
class MoveSmithFuzzer:
"""
MoveSmith-based differential fuzzer for Move.
Reference: "MoveSmith: Compiler Bug Isolation via Compilation
Result Consistency Checking for Move"
"""
TRIT = -1 # VALIDATOR role
def __init__(self, vms: list[MoveVM]):
self.vms = vms # Multiple VMs for differential testing
self.mutator = MoveMutator()
self.oracle = DifferentialOracle()
def fuzz(self, contract: str, iterations: int = 10000) -> list:
"""
Fuzz a Move contract for bugs.
Strategy:
1. Generate random valid Move programs
2. Execute on all VMs
3. Compare results (differential testing)
4. Report discrepancies
"""
bugs = []
for i in range(iterations):
# Generate or mutate
if random.random() < 0.3:
program = self.generate_random_program()
else:
program = self.mutator.mutate(contract)
# Execute on all VMs
results = {}
for vm in self.vms:
try:
results[vm.name] = vm.execute(program)
except Exception as e:
results[vm.name] = ('error', str(e))
# Differential testing
if not self.oracle.consistent(results):
bugs.append({
'program': program,
'results': results,
'type': 'differential',
'iteration': i
})
return bugs
class MoveMutator:
"""Mutates Move programs to find edge cases."""
def mutate(self, program: str) -> str:
"""Apply random mutations."""
mutations = [
self.mutate_integers,
self.mutate_addresses,
self.mutate_vectors,
self.mutate_structs,
self.swap_operations,
]
mutated = program
for _ in range(random.randint(1, 5)):
mutation = random.choice(mutations)
mutated = mutation(mutated)
return mutated
def mutate_integers(self, program: str) -> str:
"""Replace integers with edge cases."""
edges = [0, 1, 255, 256, 2**64-1, 2**128-1]
# Find and replace integer literals
return re.sub(r'\b(\d+)\b',
lambda m: str(random.choice(edges)),
program)
```
## Prover-Fuzzer Synergy
```python
class ProverFuzzerHybrid:
"""
Combine Move Prover with fuzzing.
Prover: Proves properties hold for ALL inputs
Fuzzer: Finds counterexamples for SOME inputs
Together: Maximum coverage
"""
def verify_contract(self, contract: str) -> dict:
# First: Prover for formal guarantees
prover_result = move_prover.verify(contract)
# Second: Fuzzer for edge cases prover missed
fuzzer_bugs = self.fuzzer.fuzz(contract)
return {
'proven_properties': prover_result.properties,
'fuzzer_bugs': fuzzer_bugs,
'confidence': self.compute_confidence(prover_result, fuzzer_bugs)
}
```
## Property-Based Testing
```move
#[test]
fun test_gf3_conservation() {
let seed = 0x42D;
let mut prng = movemate_random::new(seed);
for i in 0..1000 {
// Generate random triads
let trit1 = random_trit(&mut prng);
let trit2 = random_trit(&mut prng);
let trit3 = (3 - trit1 - trit2) % 3; // Force conservation
// Property: sum must be 0 mod 3
let sum = (trit1 + trit2 + trit3) % 3;
assert!(sum == 0, 0);
}
}
fun random_trit(prng: &mut PRNG): u8 {
movemate_random::next_u8(prng) % 3
}
```
## Differential Testing VMs
| VM | Purpose | Speed |
|----|---------|-------|
| Aptos Move VM | Production reference | Medium |
| Move VM (reference) | Original implementation | Slow |
| Revela decompiler | Bytecode analysis | Fast |
| MoveSmith interpreter | Fuzzing-optimized | Fast |
## GF(3) Triads
```
move-smith-fuzzer (-1) ⊗ move-narya-bridge (0) ⊗ aptos-gf3-society (+1) = 0 ✓
move-smith-fuzzer (-1) ⊗ datalog-fixpoint (0) ⊗ discopy (+1) = 0 ✓
move-smith-fuzzer (-1) ⊗ interaction-nets (0) ⊗ gay-mcp (+1) = 0 ✓
```
## Commands
```bash
# Fuzz a Move module
just move-fuzz sources/gf3.move --iterations 10000
# Differential testing across VMs
just move-diff sources/gf3.move --vms aptos,reference
# Property-based test with random seeds
just move-proptest sources/ --seed 0x42D
# Generate coverage report
just move-fuzz-coverage sources/ --output coverage.html
```
---
**Skill Name**: move-smith-fuzzer
**Type**: Fuzzing / Property-Based Testing
**Trit**: -1 (MINUS - VALIDATOR)
**GF(3)**: Validates Move contracts through differential testing
## Scientific Skill Interleaving
This skill connects to the K-Dense-AI/claude-scientific-skills ecosystem:
### Graph Theory
- **networkx** [○] via bicomodule
- Universal graph hub
### Bibliography References
- `general`: 734 citations in bib.duckdb
## Cat# Integration
This skill maps to Cat# = Comod(P) as a bicomodule in the Prof home:
```
Trit: 0 (ERGODIC)
Home: Prof (profunctors/bimodules)
Poly Op: ⊗ (parallel composition)
Kan Role: Adj (adjunction bridge)
```
### GF(3) Naturality
The skill participates in triads where:
```
(-1) + (0) + (+1) ≡ 0 (mod 3)
```
This ensures compositional coherence in the Cat# equipment structure.Related Skills
performing-lateral-movement-with-wmiexec
Perform lateral movement across Windows networks using WMI-based remote execution techniques including Impacket wmiexec.py, CrackMapExec, and native WMI commands for stealthy post-exploitation during red team engagements.
performing-lateral-movement-detection
Detects lateral movement techniques including Pass-the-Hash, PsExec, WMI execution, RDP pivoting, and SMB-based spreading using SIEM correlation of Windows event logs, network flow data, and endpoint telemetry mapped to MITRE ATT&CK Lateral Movement (TA0008) techniques.
libfuzzer
Fuzzing with libFuzzer for finding vulnerabilities in code.
hunting-for-lateral-movement-via-wmi
Detect WMI-based lateral movement by analyzing Windows Event ID 4688 process creation and Sysmon Event ID 1 for WmiPrvSE.exe child process patterns, remote process execution, and WMI event subscription persistence.
hunting-for-dcom-lateral-movement
Hunt for DCOM-based lateral movement by detecting abuse of MMC20.Application, ShellBrowserWindow, and ShellWindows COM objects through Sysmon Event ID 1 (process creation) and Event ID 3 (network connection) correlation, WMI event analysis, RPC endpoint mapper traffic on port 135, and DCOM-specific parent-child process relationships.
detecting-lateral-movement-with-zeek
Detect lateral movement in network traffic using Zeek (formerly Bro) log analysis. Parses conn.log, smb_mapping.log, smb_files.log, dce_rpc.log, kerberos.log, and ntlm.log to identify SMB file transfers, NTLM account spray activity, remote service execution, and anomalous internal connections.
detecting-lateral-movement-with-splunk
Detect adversary lateral movement across networks using Splunk SPL queries against Windows authentication logs, SMB traffic, and remote service abuse.
detecting-lateral-movement-in-network
Identifies lateral movement techniques in enterprise networks by analyzing authentication logs, network flows, SMB traffic, and RDP sessions using Zeek, Velociraptor, and SIEM correlation rules to detect attackers moving between systems.
detecting-azure-lateral-movement
Detect lateral movement in Azure AD/Entra ID environments using Microsoft Graph API audit logs, Azure Sentinel KQL hunting queries, and sign-in anomaly correlation to identify privilege escalation, token theft, and cross-tenant pivoting.
jepsen-testing
Jepsen-style correctness testing for distributed systems under faults (partitions, crashes, clock skew) using concurrent operation histories and formal checkers (linearizability/serializability and Elle-style anomalies). Use when designing, implementing, or running Jepsen tests, or interpreting histories/violations.
Deterministic Color Generation via Metadata Hashing
**Status**: ✅ Production Ready
cyton-dongle
Connect and stream from OpenBCI Cyton/Daisy via USB dongle, including first-time radio channel pairing