performing-threat-hunting-with-yara-rules
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references and provides instructions to download YARA rules and tools from established community sources such as the Yara-Rules repository and Florian Roth's signature-base. These are recognized industry standards for threat intelligence.
- [DATA_EXFILTRATION]: While the skill accesses local files and process memory dumps (e.g., lsass_dump.dmp), this is the inherent and documented purpose of a threat hunting tool. There is no evidence of data being transmitted to external or unauthorized servers.
- [COMMAND_EXECUTION]: The instructions and scripts use standard command-line operations for environment setup (pip, apt, git) and execution of the YARA scanner. These operations are transparent and consistent with the skill's stated utility.
- [SAFE]: No malicious patterns, obfuscation, or unauthorized access attempts were detected. The discrepancies in author names between files appear to be routine administrative artifacts and do not pose a security risk.
Audit Metadata