Yara Authoring
Description
A behavior-driven skill for authoring high-quality YARA-X detection rules, teaching you to think and act like an expert YARA author.
Installation
```bash
claude install-skill https://github.com/trailofbits/skills/tree/main/plugins/yara-authoring
```
README
YARA-X Authoring Plugin
**YARA-X Focus:** This skill targets [YARA-X](https://virustotal.github.io/yara-x/), the Rust-based successor to legacy YARA. YARA-X powers VirusTotal's Livehunt/Retrohunt production systems and is 5-10x faster for regex-heavy rules. Legacy YARA (C implementation) is in maintenance mode.
Philosophy
This skill doesn't dump YARA syntax at you. Instead, it teaches:
An expert uses 5 tools: yarGen, FLOSS, `yr` CLI, signature-base, YARA-CI. Everything else is noise.
Installation
YARA-X CLI
```bash
# macOS
brew install yara-x

# Or from source
cargo install yara-x

# Verify installation
yr --version
```
Python Package (for scripts)
```bash
pip install yara-x

# or with uv
uv pip install yara-x
```
Plugin
Add this plugin to your Claude Code configuration:
```bash
claude mcp add-plugin /path/to/yara-authoring
```
Skills
yara-rule-authoring
Guides authoring of YARA-X rules for malware detection with expert judgment.
**Covers:**
**Triggers:** YARA, YARA-X, malware detection, threat hunting, IOC, signature
Scripts
...