Yara Rule Authoring
Skill Verified ActiveGuides authoring of high-quality YARA-X detection rules for malware identification. Use when writing, reviewing, or optimizing YARA rules. Covers naming conventions, string selection, performance optimization, migration from legacy YARA, and false positive reduction. Triggers on: YARA, YARA-X, malware detection, threat hunting, IOC, signature, crx module, dex module.
To empower users to author effective and performant YARA-X detection rules for malware identification by providing best practices, decision trees, and tool recommendations.
Features
- Guides YARA-X rule authoring
- Covers string selection and performance optimization
- Details platform-specific detection strategies
- Provides guidance on testing and validation
- Includes linting and analysis scripts
Use Cases
- Writing new YARA-X rules for malware
- Reviewing and optimizing existing YARA rules
- Migrating legacy YARA rules to YARA-X
- Developing detection signatures for threat intelligence
Non-Goals
- Performing dynamic malware analysis
- Conducting network-based detection
- Static analysis requiring disassembly
- Simple hash-based detection
Installation
First, add the marketplace
/plugin marketplace add trailofbits/skills/plugin install yara-authoring@trailofbitsQuality Score
VerifiedTrust Signals
Similar Extensions
Secrets Management
100Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.
Semgrep Rule Creator
100Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.
Safe Mode
100Prevent destructive operations using Claude Code hooks. Three modes — cautious (warn on dangerous commands), lockdown (restrict edits to one directory), and clear (remove restrictions). Uses PreToolUse matchers for Bash, Edit, and Write.
Prompt Guard
100Meta's 86M prompt injection and jailbreak detector. Filters malicious prompts and third-party data for LLM apps. 99%+ TPR, <1% FPR. Fast (<2ms GPU). Multilingual (8 languages). Deploy with HuggingFace or batch processing for RAG security.
Soul Guardian
100Drift detection + baseline integrity guard for agent workspace files with automatic alerting support
Audit Dependency Versions
100Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.