S³ YARA Rule Authoring
v1.0.0
Write high-quality YARA-X detection rules for malware identification and threat hunting. Covers naming conventions, string selection, performance optimizatio...
by Solomon Neas (@solomonneas)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and runtime instructions match: this is a YARA-X rule authoring and review guide. It does not request unrelated binaries, credentials, or config paths. Mentions of installing yara-x via brew/cargo are documentation-only and consistent with the stated purpose.
Instruction Scope
SKILL.md instructs the user/agent to validate and scan files (yr check, yr scan, yr fmt) and to test rules against 'goodware' corpora and sample files. This is expected for a rule-authoring skill but it implies the agent will read and operate on local files if given — ensure the agent is only pointed at appropriate test/analysis datasets and not sensitive production data.
Install Mechanism
No install spec in the registry (instruction-only). The documentation references standard install methods (brew/cargo) for yara-x — these are normal and do not introduce hidden downloads in the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths. The behavior described (file scanning and rule formatting) does not require secrets, so the declared surface is proportionate.
Persistence & Privilege
Skill is not 'always' enabled and does not request persistent presence or attempt to modify other skills or system settings. Autonomous invocation is allowed by platform default but does not combine with other concerning factors here.
Assessment
This is a coherent, instruction-only YARA-X authoring guide. Before using it: (1) only run yr scan/check/format on test or consented samples — avoid pointing it at sensitive production files; (2) install yara-x from official sources (brew/cargo crates.io) if needed; (3) review any auto-generated rules before deploying to detection infrastructure to avoid false positives; (4) if you allow an agent to run these commands autonomously, restrict its filesystem scope to analysis directories so it cannot access unrelated data.
detection · latest · malware · signatures · threat-hunting · yara
