Access is currently restricted. Contact us to request an invite.

© 2026 Skillstore. All rights reserved.

yara-rule-authoring

Guides authoring of high-quality YARA-X detection rules for malware identification. Use when writing, reviewing, or optimizing YARA rules. Covers naming conventions, string selection, performance optimization, migration from legacy YARA, and false positive reduction. Triggers on: YARA, YARA-X, malware detection, threat hunting, IOC, signature, crx module, dex module.

TTrail of Bitsv1.0.0

claude-codetypescriptsecurity

Free

Sign in required

For claude-code

YARA-X Rule Authoring

Write detection rules that catch malware without drowning in false positives.

This skill targets YARA-X, the Rust-based successor to legacy YARA. YARA-X powers VirusTotal's production systems and is the recommended implementation. See Migrating from Legacy YARA if you have existing rules.

Core Principles

Strings must generate good atoms — YARA extracts 4-byte subsequences for fast matching. Strings with repeated bytes, common sequences, or under 4 bytes force slow bytecode verification on too many files.

Acquire this skill to read more

This skill is free. Add it to your library to access the full content.

Sign in required

Versions

v1.0.0

Imported from https://github.com/trailofbits/skills

3/3/2026

Reviews

No reviews yet.