← 返回 Skills 市场
S³ YARA Rule Authoring
作者
Solomon Neas
· GitHub ↗
· v1.0.0
· MIT-0
154
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install s3-yara-authoring
功能描述
Write high-quality YARA-X detection rules for malware identification and threat hunting. Covers naming conventions, string selection, performance optimizatio...
安全使用建议
This is a coherent, instruction-only YARA-X authoring guide. Before using it: (1) only run yr scan/check/format on test or consented samples — avoid pointing it at sensitive production files; (2) install yara-x from official sources (brew/cargo crates.io) if needed; (3) review any auto-generated rules before deploying to detection infrastructure to avoid false positives; (4) if you allow an agent to run these commands autonomously, restrict its filesystem scope to analysis directories so it cannot access unrelated data.
功能分析
Type: OpenClaw Skill
Name: s3-yara-authoring
Version: 1.0.0
The skill bundle provides legitimate educational content and best practices for authoring YARA-X detection rules. It includes standard installation commands (brew/cargo) and usage examples for the 'yr' tool, with no evidence of malicious intent, data exfiltration, or prompt injection in SKILL.md.
能力评估
Purpose & Capability
Name, description, and runtime instructions match: this is a YARA-X rule authoring and review guide. It does not request unrelated binaries, credentials, or config paths. Mentions of installing yara-x via brew/cargo are documentation-only and consistent with the stated purpose.
Instruction Scope
SKILL.md instructs the user/agent to validate and scan files (yr check, yr scan, yr fmt) and to test rules against 'goodware' corpora and sample files. This is expected for a rule-authoring skill but it implies the agent will read and operate on local files if given — ensure the agent is only pointed at appropriate test/analysis datasets and not sensitive production data.
Install Mechanism
No install spec in the registry (instruction-only). The documentation references standard install methods (brew/cargo) for yara-x — these are normal and do not introduce hidden downloads in the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths. The behavior described (file scanning and rule formatting) does not require secrets, so the declared surface is proportionate.
Persistence & Privilege
Skill is not 'always' enabled and does not request persistent presence or attempt to modify other skills or system settings. Autonomous invocation is allowed by platform default but does not combine with other concerning factors here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install s3-yara-authoring - 安装完成后,直接呼叫该 Skill 的名称或使用
/s3-yara-authoring触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of yara-authoring skill.
- Provides guidelines for writing, reviewing, and optimizing YARA-X malware detection rules.
- Includes naming conventions, best practices for string selection, and rule performance optimization.
- Details strategies for reducing false positives and validates rules against clean file sets.
- Offers a YARA-X-specific rule template, usage instructions, and core methodology references.
元数据
常见问题
S³ YARA Rule Authoring 是什么?
Write high-quality YARA-X detection rules for malware identification and threat hunting. Covers naming conventions, string selection, performance optimizatio... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 154 次。
如何安装 S³ YARA Rule Authoring?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install s3-yara-authoring」即可一键安装,无需额外配置。
S³ YARA Rule Authoring 是免费的吗?
是的,S³ YARA Rule Authoring 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
S³ YARA Rule Authoring 支持哪些平台?
S³ YARA Rule Authoring 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 S³ YARA Rule Authoring?
由 Solomon Neas(@solomonneas)开发并维护,当前版本 v1.0.0。
推荐 Skills