solomonneas

Yara Authoring

by Solomon Neas · GitHub ↗ · v1.0.2 · MIT-0
cross-platform · ✓ Security Clean · 180 Downloads · 0 Stars · 0 Active Installs · 3 Versions
Install in OpenClaw
/install yara-authoring
Description
Write high-quality YARA-X detection rules for malware hunting. Covers atom selection, string optimization, false positive reduction, module usage (PE, ELF, M...
Usage Guidance
This appears to be a straightforward authoring guide. Before installing/using: (1) verify you obtain yara-x from a trusted source (brew/cargo pulls third‑party packages), (2) handle malware samples only in isolated/test environments, (3) confirm the referenced external link (the SKILL.md points to a GitHub path) matches a reputable repository if you want upstream context, and (4) if you will let an agent run commands autonomously, ensure it has restricted filesystem/network access so scans and sample handling cannot leak sensitive data.
Capability Analysis
Type: OpenClaw Skill
Name: yara-authoring
Version: 1.0.2
The skill bundle provides educational documentation and templates for authoring YARA-X rules. It contains no executable code, malicious instructions, or data exfiltration logic, and its content is entirely consistent with its stated purpose of assisting in malware detection rule development (SKILL.md).
Capability Assessment
Purpose & Capability
Name/description match the content of SKILL.md: the document is focused on YARA-X rule authoring, templates, performance guidance, and testing workflows. Nothing requested (no env vars, no config paths, no binaries declared) contradicts the stated purpose.
Instruction Scope
Runtime instructions stay within expected boundaries: they teach how to write rules, recommend running yr check/yr scan/yr fmt, and advise testing against goodware. There are no directives to read unrelated system files or exfiltrate data. The guidance to scan samples and directories is appropriate for a rule-authoring skill, but users should follow safe handling practices for malware samples.
Install Mechanism
This is an instruction-only skill with no install spec. SKILL.md suggests installing yara-x via brew or cargo (normal recommendations). Because the skill itself does not execute installs, there is no additional install risk introduced by the package files.
Credentials
No environment variables, credentials, or config paths are requested. The guidance does not reference secrets or unrelated credentials.
Persistence & Privilege
always is false and there are no indications the skill requests elevated persistence or modifies other skills. disable-model-invocation is false (the platform default) — this is expected and not by itself a concern.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install yara-authoring
  3. After installation, invoke the skill by name or use /yara-authoring
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Scrubbed personal info from example rule author field
v1.0.1
Natural description rewrite
v1.0.0
Initial release of yara-authoring skill.
- Provides methodology and templates for writing robust YARA and YARA-X detection rules.
- Emphasizes best practices: atom selection, naming, string/condition logic, false positive reduction, and performance.
- Includes guidance on using YARA-X CLI (installation, key commands).
- Covers usage of YARA modules (PE, ELF, Mach-O).
- Lists common magic bytes, rule naming conventions, and sample rule templates.
- Details testing and optimization strategies.
Metadata
Slug yara-authoring
Version 1.0.2
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is Yara Authoring?

Write high-quality YARA-X detection rules for malware hunting. Covers atom selection, string optimization, false positive reduction, module usage (PE, ELF, M... It is an AI Agent Skill for Claude Code / OpenClaw, with 180 downloads so far.

How do I install Yara Authoring?

Run "/install yara-authoring" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Yara Authoring free?

Yes, Yara Authoring is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Yara Authoring support?

Yara Authoring is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Yara Authoring?

It is built and maintained by Solomon Neas (@solomonneas); the current version is v1.0.2.
