← 返回 Skills 市场
Yara Authoring
作者
Solomon Neas
· GitHub ↗
· v1.0.2
· MIT-0
180
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install yara-authoring
功能描述
Write high-quality YARA-X detection rules for malware hunting. Covers atom selection, string optimization, false positive reduction, module usage (PE, ELF, M...
安全使用建议
This appears to be a straightforward authoring guide. Before installing/using: (1) verify you obtain yara-x from a trusted source (brew/cargo pulls third‑party packages), (2) handle malware samples only in isolated/test environments, (3) confirm the referenced external link (the SKILL.md points to a GitHub path) matches a reputable repository if you want upstream context, and (4) if you will let an agent run commands autonomously, ensure it has restricted filesystem/network access so scans and sample handling cannot leak sensitive data.
功能分析
Type: OpenClaw Skill
Name: yara-authoring
Version: 1.0.2
The skill bundle provides educational documentation and templates for authoring YARA-X rules. It contains no executable code, malicious instructions, or data exfiltration logic, and its content is entirely consistent with its stated purpose of assisting in malware detection rule development (SKILL.md).
能力评估
Purpose & Capability
Name/description match the content of SKILL.md: the document is focused on YARA-X rule authoring, templates, performance guidance, and testing workflows. Nothing requested (no env vars, no config paths, no binaries declared) contradicts the stated purpose.
Instruction Scope
Runtime instructions stay within expected boundaries: they teach how to write rules, recommend running yr check/yr scan/yr fmt, and advise testing against goodware. There are no directives to read unrelated system files or exfiltrate data. The guidance to scan samples and directories is appropriate for a rule-authoring skill, but users should follow safe handling practices for malware samples.
Install Mechanism
This is an instruction-only skill with no install spec. SKILL.md suggests installing yara-x via brew or cargo (normal recommendations). Because the skill itself does not execute installs, there is no additional install risk introduced by the package files.
Credentials
No environment variables, credentials, or config paths are requested. The guidance does not reference secrets or unrelated credentials.
Persistence & Privilege
always is false and there are no indications the skill requests elevated persistence or modifies other skills. disable-model-invocation is false (the platform default) — this is expected and not by itself a concern.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install yara-authoring - 安装完成后,直接呼叫该 Skill 的名称或使用
/yara-authoring触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Scrubbed personal info from example rule author field
v1.0.1
Natural description rewrite
v1.0.0
Initial release of yara-authoring skill.
- Provides methodology and templates for writing robust YARA and YARA-X detection rules.
- Emphasizes best practices: atom selection, naming, string/condition logic, false positive reduction, and performance.
- Includes guidance on using YARA-X CLI (installation, key commands).
- Covers usage of YARA modules (PE, ELF, Mach-O).
- Lists common magic bytes, rule naming conventions, and sample rule templates.
- Details testing and optimization strategies.
元数据
常见问题
Yara Authoring 是什么?
Write high-quality YARA-X detection rules for malware hunting. Covers atom selection, string optimization, false positive reduction, module usage (PE, ELF, M... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 180 次。
如何安装 Yara Authoring?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install yara-authoring」即可一键安装,无需额外配置。
Yara Authoring 是免费的吗?
是的,Yara Authoring 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Yara Authoring 支持哪些平台?
Yara Authoring 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Yara Authoring?
由 Solomon Neas(@solomonneas)开发并维护,当前版本 v1.0.2。
推荐 Skills