Yara Authoring

v1.0.2

Write high-quality YARA-X detection rules for malware hunting. Covers atom selection, string optimization, false positive reduction, module usage (PE, ELF, M...

by Solomon Neas (@solomonneas)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the content of SKILL.md: the document is focused on YARA-X rule authoring, templates, performance guidance, and testing workflows. Nothing requested (no env vars, no config paths, no binaries declared) contradicts the stated purpose.
Instruction Scope
Runtime instructions stay within expected boundaries: they teach how to write rules, recommend running yr check/yr scan/yr fmt, and advise testing against goodware. There are no directives to read unrelated system files or exfiltrate data. The guidance to scan samples and directories is appropriate for a rule-authoring skill, but users should follow safe handling practices for malware samples.
Install Mechanism
This is an instruction-only skill with no install spec. SKILL.md suggests installing yara-x via brew or cargo (normal recommendations). Because the skill itself does not execute installs, there is no additional install risk introduced by the package files.
Credentials
No environment variables, credentials, or config paths are requested. The guidance does not reference secrets or unrelated credentials.
Persistence & Privilege
always is false and there are no indications the skill requests elevated persistence or modifies other skills. disable-model-invocation is false (the platform default) — this is expected and not by itself a concern.
Assessment
This appears to be a straightforward authoring guide. Before installing/using: (1) verify you obtain yara-x from a trusted source (brew/cargo pulls third‑party packages), (2) handle malware samples only in isolated/test environments, (3) confirm the referenced external link (the SKILL.md points to a GitHub path) matches a reputable repository if you want upstream context, and (4) if you will let an agent run commands autonomously, ensure it has restricted filesystem/network access so scans and sample handling cannot leak sensitive data.

