yara-rule-authoring


YARA Rule Authoring

Write YARA-X rules that catch the intended family without drowning analysts in false positives.

Target runtime: YARA-X (Rust successor to legacy YARA). Install: brew install yara-x or cargo install yara-x. Essential CLI: yr check, yr scan, yr fmt, yr dump.

When to Use

  • Write, review, or optimize YARA-X rules for malware, hacktools, webshells, or supply-chain artifacts
  • Convert IOCs or threat intel into maintainable signatures
  • Debug false positives or tune any of / all of logic
  • Migrate legacy YARA rules to YARA-X's stricter validation
  • Author Chrome extension (crx) or Android DEX (dex) module rules
  • Prepare rulesets for production, YARA-CI, or VirusTotal retrohunt

When NOT to Use

First Seen: May 20, 2026
yara-rule-authoring — daemon-blockint-tech/agentic-enteprises-skill