yara-authoring

Expert YARA-X detection rule authoring skill adapted from Trail of Bits security research methodology. Guides authoring of high-quality YARA-X rules for malware detection, threat hunting, and IOC identification. Emphasizes expert judgment, atom efficiency analysis, linting, and the YARA-X Rust-based toolchain.

This skill implements Trail of Bits' YARA authoring methodology for the agent-studio framework. YARA-X is the Rust-based successor to legacy YARA, offering improved performance, safety, and new features. This skill teaches you to think and act like an expert YARA author, producing detection rules that are precise, efficient, and maintainable.

Source repository: https://github.com/trailofbits/skills License: CC-BY-SA-4.0 Target: YARA-X (with legacy YARA compatibility guidance)

透過專家判斷、linting、原子分析和最佳實踐來撰寫 YARA-X 檢測規則。教授如何像 YARA 專家作者一樣思考，使用 YARA-X（基於 Rust 的舊版 YARA 繼承者）進行惡意軟體偵測、威脅追蹤和妥協指標識別。 來源：oimiragieo/agent-studio。