solomonneas

S³ YARA Rule Authoring

by Solomon Neas · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
Downloads: 154 · Stars: 0 · Active Installs: 0 · Versions: 1
Install in OpenClaw
/install s3-yara-authoring
Description
Write high-quality YARA-X detection rules for malware identification and threat hunting. Covers naming conventions, string selection, performance optimizatio...
Usage Guidance
This is a coherent, instruction-only YARA-X authoring guide. Before using it: (1) only run yr scan/check/fmt on test or consented samples, and avoid pointing it at sensitive production files; (2) install yara-x from official sources (brew/cargo crates.io) if needed; (3) review any auto-generated rules before deploying to detection infrastructure to avoid false positives; (4) if you allow an agent to run these commands autonomously, restrict its filesystem scope to analysis directories so it cannot access unrelated data.
Capability Analysis
Type: OpenClaw Skill
Name: s3-yara-authoring
Version: 1.0.0
The skill bundle provides legitimate educational content and best practices for authoring YARA-X detection rules. It includes standard installation commands (brew/cargo) and usage examples for the 'yr' tool, with no evidence of malicious intent, data exfiltration, or prompt injection in SKILL.md.
Capability Assessment
Purpose & Capability
Name, description, and runtime instructions match: this is a YARA-X rule authoring and review guide. It does not request unrelated binaries, credentials, or config paths. Mentions of installing yara-x via brew/cargo are documentation-only and consistent with the stated purpose.
Instruction Scope
SKILL.md instructs the user/agent to validate and scan files (yr check, yr scan, yr fmt) and to test rules against 'goodware' corpora and sample files. This is expected for a rule-authoring skill but it implies the agent will read and operate on local files if given — ensure the agent is only pointed at appropriate test/analysis datasets and not sensitive production data.
Install Mechanism
No install spec in the registry (instruction-only). The documentation references standard install methods (brew/cargo) for yara-x — these are normal and do not introduce hidden downloads in the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths. The behavior described (file scanning and rule formatting) does not require secrets, so the declared surface is proportionate.
Persistence & Privilege
Skill is not 'always' enabled and does not request persistent presence or attempt to modify other skills or system settings. Autonomous invocation is allowed by platform default but does not combine with other concerning factors here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install s3-yara-authoring
  3. After installation, invoke the skill by name or use /s3-yara-authoring
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of yara-authoring skill.
- Provides guidelines for writing, reviewing, and optimizing YARA-X malware detection rules.
- Includes naming conventions, best practices for string selection, and rule performance optimization.
- Details strategies for reducing false positives and validating rules against clean file sets.
- Offers a YARA-X-specific rule template, usage instructions, and core methodology references.
Metadata
Slug: s3-yara-authoring
Version: 1.0.0
License: MIT-0
All-time Installs: 0
Active Installs: 0
Total Versions: 1
Frequently Asked Questions

What is S³ YARA Rule Authoring?

Write high-quality YARA-X detection rules for malware identification and threat hunting. Covers naming conventions, string selection, performance optimizatio... It is an AI Agent Skill for Claude Code / OpenClaw, with 154 downloads so far.

How do I install S³ YARA Rule Authoring?

Run "/install s3-yara-authoring" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is S³ YARA Rule Authoring free?

Yes, S³ YARA Rule Authoring is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does S³ YARA Rule Authoring support?

S³ YARA Rule Authoring is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created S³ YARA Rule Authoring?

It is built and maintained by Solomon Neas (@solomonneas); the current version is v1.0.0.
