Yara Rule Authoring
技能 已验证 活跃Guides authoring of high-quality YARA-X detection rules for malware identification. Use when writing, reviewing, or optimizing YARA rules. Covers naming conventions, string selection, performance optimization, migration from legacy YARA, and false positive reduction. Triggers on: YARA, YARA-X, malware detection, threat hunting, IOC, signature, crx module, dex module.
To empower users to author effective and performant YARA-X detection rules for malware identification by providing best practices, decision trees, and tool recommendations.
功能
- Guides YARA-X rule authoring
- Covers string selection and performance optimization
- Details platform-specific detection strategies
- Provides guidance on testing and validation
- Includes linting and analysis scripts
使用场景
- Writing new YARA-X rules for malware
- Reviewing and optimizing existing YARA rules
- Migrating legacy YARA rules to YARA-X
- Developing detection signatures for threat intelligence
非目标
- Performing dynamic malware analysis
- Conducting network-based detection
- Static analysis requiring disassembly
- Simple hash-based detection
安装
请先添加 Marketplace
/plugin marketplace add trailofbits/skills/plugin install yara-authoring@trailofbits质量评分
已验证类似扩展
Secrets Management
100Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.
Semgrep Rule Creator
100Creates custom Semgrep rules for detecting security vulnerabilities, bug patterns, and code patterns. Use when writing Semgrep rules or building custom static analysis detections.
Safe Mode
100Prevent destructive operations using Claude Code hooks. Three modes — cautious (warn on dangerous commands), lockdown (restrict edits to one directory), and clear (remove restrictions). Uses PreToolUse matchers for Bash, Edit, and Write.
Prompt Guard
100Meta's 86M prompt injection and jailbreak detector. Filters malicious prompts and third-party data for LLM apps. 99%+ TPR, <1% FPR. Fast (<2ms GPU). Multilingual (8 languages). Deploy with HuggingFace or batch processing for RAG security.
Soul Guardian
100Drift detection + baseline integrity guard for agent workspace files with automatic alerting support
Audit Dependency Versions
100Audit project dependencies for version staleness, security vulnerabilities, and compatibility issues. Covers lock file analysis, upgrade path planning, and breaking change assessment. Use before a release to ensure dependencies are current and secure, during periodic maintenance reviews, after receiving a security advisory, when upgrading to a new language version, before submitting to CRAN or npm, or when inheriting a project to assess its dependency health.