@elizaos/skills 2.0.0-alpha.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +126 -0
- package/package.json +53 -0
- package/skills/1password/SKILL.md +70 -0
- package/skills/1password/references/cli-examples.md +29 -0
- package/skills/1password/references/get-started.md +17 -0
- package/skills/apple-notes/SKILL.md +77 -0
- package/skills/apple-reminders/SKILL.md +96 -0
- package/skills/bear-notes/SKILL.md +107 -0
- package/skills/bird/SKILL.md +224 -0
- package/skills/blogwatcher/SKILL.md +69 -0
- package/skills/blucli/SKILL.md +47 -0
- package/skills/bluebubbles/SKILL.md +131 -0
- package/skills/camsnap/SKILL.md +45 -0
- package/skills/canvas/SKILL.md +203 -0
- package/skills/clawhub/SKILL.md +77 -0
- package/skills/coding-agent/SKILL.md +284 -0
- package/skills/discord/SKILL.md +578 -0
- package/skills/eightctl/SKILL.md +50 -0
- package/skills/food-order/SKILL.md +48 -0
- package/skills/gemini/SKILL.md +43 -0
- package/skills/gifgrep/SKILL.md +79 -0
- package/skills/github/SKILL.md +77 -0
- package/skills/gog/SKILL.md +116 -0
- package/skills/goplaces/SKILL.md +52 -0
- package/skills/healthcheck/SKILL.md +245 -0
- package/skills/himalaya/SKILL.md +257 -0
- package/skills/himalaya/references/configuration.md +184 -0
- package/skills/himalaya/references/message-composition.md +199 -0
- package/skills/imsg/SKILL.md +74 -0
- package/skills/local-places/SERVER_README.md +101 -0
- package/skills/local-places/SKILL.md +102 -0
- package/skills/local-places/pyproject.toml +21 -0
- package/skills/local-places/src/local_places/__init__.py +2 -0
- package/skills/local-places/src/local_places/google_places.py +314 -0
- package/skills/local-places/src/local_places/main.py +65 -0
- package/skills/local-places/src/local_places/schemas.py +107 -0
- package/skills/mcporter/SKILL.md +61 -0
- package/skills/model-usage/SKILL.md +69 -0
- package/skills/model-usage/references/codexbar-cli.md +33 -0
- package/skills/model-usage/scripts/model_usage.py +310 -0
- package/skills/nano-banana-pro/SKILL.md +58 -0
- package/skills/nano-banana-pro/scripts/generate_image.py +184 -0
- package/skills/nano-pdf/SKILL.md +38 -0
- package/skills/notion/SKILL.md +172 -0
- package/skills/obsidian/SKILL.md +81 -0
- package/skills/openai-image-gen/SKILL.md +89 -0
- package/skills/openai-image-gen/scripts/gen.py +240 -0
- package/skills/openai-whisper/SKILL.md +38 -0
- package/skills/openai-whisper-api/SKILL.md +52 -0
- package/skills/openai-whisper-api/scripts/transcribe.sh +85 -0
- package/skills/openhue/SKILL.md +51 -0
- package/skills/oracle/SKILL.md +125 -0
- package/skills/ordercli/SKILL.md +78 -0
- package/skills/peekaboo/SKILL.md +190 -0
- package/skills/sag/SKILL.md +87 -0
- package/skills/security-ask-questions-if-underspecified/.claude-plugin/plugin.json +10 -0
- package/skills/security-ask-questions-if-underspecified/README.md +24 -0
- package/skills/security-ask-questions-if-underspecified/skills/ask-questions-if-underspecified/SKILL.md +85 -0
- package/skills/security-audit-context-building/.claude-plugin/plugin.json +10 -0
- package/skills/security-audit-context-building/README.md +58 -0
- package/skills/security-audit-context-building/commands/audit-context.md +21 -0
- package/skills/security-audit-context-building/skills/audit-context-building/SKILL.md +297 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/COMPLETENESS_CHECKLIST.md +47 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/FUNCTION_MICRO_ANALYSIS_EXAMPLE.md +355 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/OUTPUT_REQUIREMENTS.md +71 -0
- package/skills/security-building-secure-contracts/.claude-plugin/plugin.json +10 -0
- package/skills/security-building-secure-contracts/README.md +241 -0
- package/skills/security-building-secure-contracts/skills/algorand-vulnerability-scanner/SKILL.md +284 -0
- package/skills/security-building-secure-contracts/skills/algorand-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +405 -0
- package/skills/security-building-secure-contracts/skills/audit-prep-assistant/SKILL.md +409 -0
- package/skills/security-building-secure-contracts/skills/cairo-vulnerability-scanner/SKILL.md +329 -0
- package/skills/security-building-secure-contracts/skills/cairo-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +722 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/SKILL.md +218 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/ASSESSMENT_CRITERIA.md +355 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/EXAMPLE_REPORT.md +248 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/REPORT_FORMAT.md +33 -0
- package/skills/security-building-secure-contracts/skills/cosmos-vulnerability-scanner/SKILL.md +334 -0
- package/skills/security-building-secure-contracts/skills/cosmos-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +740 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/SKILL.md +252 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/ASSESSMENT_AREAS.md +329 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/DELIVERABLES.md +118 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/EXAMPLE_REPORT.md +298 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/SKILL.md +161 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/resources/EXAMPLE_REPORT.md +279 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/resources/WORKFLOW_STEPS.md +132 -0
- package/skills/security-building-secure-contracts/skills/solana-vulnerability-scanner/SKILL.md +389 -0
- package/skills/security-building-secure-contracts/skills/solana-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +669 -0
- package/skills/security-building-secure-contracts/skills/substrate-vulnerability-scanner/SKILL.md +298 -0
- package/skills/security-building-secure-contracts/skills/substrate-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +791 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/SKILL.md +362 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/resources/ASSESSMENT_CATEGORIES.md +571 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/resources/REPORT_TEMPLATES.md +141 -0
- package/skills/security-building-secure-contracts/skills/ton-vulnerability-scanner/SKILL.md +388 -0
- package/skills/security-building-secure-contracts/skills/ton-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +595 -0
- package/skills/security-burpsuite-project-parser/.claude-plugin/plugin.json +10 -0
- package/skills/security-burpsuite-project-parser/README.md +103 -0
- package/skills/security-burpsuite-project-parser/commands/burp-search.md +18 -0
- package/skills/security-burpsuite-project-parser/skills/SKILL.md +358 -0
- package/skills/security-burpsuite-project-parser/skills/scripts/burp-search.sh +99 -0
- package/skills/security-claude-in-chrome-troubleshooting/.claude-plugin/plugin.json +8 -0
- package/skills/security-claude-in-chrome-troubleshooting/README.md +31 -0
- package/skills/security-claude-in-chrome-troubleshooting/skills/claude-in-chrome-troubleshooting/SKILL.md +251 -0
- package/skills/security-constant-time-analysis/.claude-plugin/plugin.json +9 -0
- package/skills/security-constant-time-analysis/README.md +381 -0
- package/skills/security-constant-time-analysis/commands/ct-check.md +20 -0
- package/skills/security-constant-time-analysis/ct_analyzer/__init__.py +49 -0
- package/skills/security-constant-time-analysis/ct_analyzer/analyzer.py +1284 -0
- package/skills/security-constant-time-analysis/ct_analyzer/script_analyzers.py +3081 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/__init__.py +1 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_analyzer.py +1397 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/bn_excerpt.js +205 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_constant_time.c +181 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.c +74 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.go +78 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.rs +92 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.cs +174 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.java +161 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.kt +181 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.php +140 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.py +252 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.rb +188 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.swift +199 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.ts +154 -0
- package/skills/security-constant-time-analysis/pyproject.toml +52 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/README.md +90 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/SKILL.md +219 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/compiled.md +129 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/javascript.md +136 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/kotlin.md +252 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/php.md +172 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/python.md +179 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/ruby.md +198 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/swift.md +288 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/vm-compiled.md +354 -0
- package/skills/security-constant-time-analysis/uv.lock +8 -0
- package/skills/security-culture-index/.claude-plugin/plugin.json +8 -0
- package/skills/security-culture-index/README.md +79 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/SKILL.md +293 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/anti-patterns.md +255 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/conversation-starters.md +408 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/interview-trait-signals.md +253 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/motivators.md +158 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/patterns-archetypes.md +147 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/primary-traits.md +307 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/secondary-traits.md +228 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/team-composition.md +148 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/check_deps.py +108 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/__init__.py +20 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/constants.py +122 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/extract.py +187 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/models.py +16 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/opencv_extractor.py +520 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/extract_pdf.py +237 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/pyproject.toml +18 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/burnout-report.md +113 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/comparison-report.md +103 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/hiring-profile.md +127 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/individual-report.md +85 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/predicted-profile.md +165 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/team-report.md +109 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/analyze-team.md +188 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/coach-manager.md +267 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/compare-profiles.md +188 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/define-hiring-profile.md +220 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/detect-burnout.md +206 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/extract-from-pdf.md +121 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/interpret-individual.md +183 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/interview-debrief.md +234 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/mediate-conflict.md +306 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/plan-onboarding.md +322 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/predict-from-interview.md +250 -0
- package/skills/security-differential-review/.claude-plugin/plugin.json +10 -0
- package/skills/security-differential-review/README.md +109 -0
- package/skills/security-differential-review/commands/diff-review.md +21 -0
- package/skills/security-differential-review/skills/differential-review/SKILL.md +220 -0
- package/skills/security-differential-review/skills/differential-review/adversarial.md +203 -0
- package/skills/security-differential-review/skills/differential-review/methodology.md +234 -0
- package/skills/security-differential-review/skills/differential-review/patterns.md +300 -0
- package/skills/security-differential-review/skills/differential-review/reporting.md +369 -0
- package/skills/security-dwarf-expert/.claude-plugin/plugin.json +10 -0
- package/skills/security-dwarf-expert/README.md +38 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/SKILL.md +93 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/coding.md +31 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/dwarfdump.md +50 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/readelf.md +8 -0
- package/skills/security-entry-point-analyzer/.claude-plugin/plugin.json +10 -0
- package/skills/security-entry-point-analyzer/README.md +74 -0
- package/skills/security-entry-point-analyzer/commands/entry-points.md +18 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/SKILL.md +251 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/cosmwasm.md +182 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/move-aptos.md +107 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/move-sui.md +87 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solana.md +155 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solidity.md +135 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/ton.md +185 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/vyper.md +141 -0
- package/skills/security-firebase-apk-scanner/.claude-plugin/plugin.json +10 -0
- package/skills/security-firebase-apk-scanner/README.md +85 -0
- package/skills/security-firebase-apk-scanner/commands/scan-apk.md +18 -0
- package/skills/security-firebase-apk-scanner/scanner.sh +1408 -0
- package/skills/security-firebase-apk-scanner/skills/firebase-apk-scanner/SKILL.md +197 -0
- package/skills/security-firebase-apk-scanner/skills/firebase-apk-scanner/references/vulnerabilities.md +803 -0
- package/skills/security-fix-review/.claude-plugin/plugin.json +13 -0
- package/skills/security-fix-review/README.md +118 -0
- package/skills/security-fix-review/commands/fix-review.md +24 -0
- package/skills/security-fix-review/skills/fix-review/SKILL.md +264 -0
- package/skills/security-fix-review/skills/fix-review/references/bug-detection.md +408 -0
- package/skills/security-fix-review/skills/fix-review/references/finding-matching.md +298 -0
- package/skills/security-fix-review/skills/fix-review/references/report-parsing.md +398 -0
- package/skills/security-insecure-defaults/.claude-plugin/plugin.json +10 -0
- package/skills/security-insecure-defaults/README.md +45 -0
- package/skills/security-insecure-defaults/skills/insecure-defaults/SKILL.md +117 -0
- package/skills/security-insecure-defaults/skills/insecure-defaults/references/examples.md +409 -0
- package/skills/security-modern-python/.claude-plugin/plugin.json +10 -0
- package/skills/security-modern-python/README.md +58 -0
- package/skills/security-modern-python/hooks/hooks.json +16 -0
- package/skills/security-modern-python/hooks/intercept-legacy-python.bats +388 -0
- package/skills/security-modern-python/hooks/intercept-legacy-python.sh +109 -0
- package/skills/security-modern-python/hooks/test_helper.bash +75 -0
- package/skills/security-modern-python/skills/modern-python/SKILL.md +333 -0
- package/skills/security-modern-python/skills/modern-python/references/dependabot.md +43 -0
- package/skills/security-modern-python/skills/modern-python/references/migration-checklist.md +141 -0
- package/skills/security-modern-python/skills/modern-python/references/pep723-scripts.md +259 -0
- package/skills/security-modern-python/skills/modern-python/references/prek.md +211 -0
- package/skills/security-modern-python/skills/modern-python/references/pyproject.md +254 -0
- package/skills/security-modern-python/skills/modern-python/references/ruff-config.md +240 -0
- package/skills/security-modern-python/skills/modern-python/references/security-setup.md +255 -0
- package/skills/security-modern-python/skills/modern-python/references/testing.md +284 -0
- package/skills/security-modern-python/skills/modern-python/references/uv-commands.md +200 -0
- package/skills/security-modern-python/skills/modern-python/templates/dependabot.yml +36 -0
- package/skills/security-modern-python/skills/modern-python/templates/pre-commit-config.yaml +66 -0
- package/skills/security-property-based-testing/.claude-plugin/plugin.json +9 -0
- package/skills/security-property-based-testing/README.md +47 -0
- package/skills/security-property-based-testing/skills/property-based-testing/README.md +88 -0
- package/skills/security-property-based-testing/skills/property-based-testing/SKILL.md +109 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/design.md +191 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/generating.md +200 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/libraries.md +130 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/refactoring.md +181 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/reviewing.md +209 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/strategies.md +124 -0
- package/skills/semgrep-rule-creator/.claude-plugin/plugin.json +8 -0
- package/skills/semgrep-rule-creator/README.md +43 -0
- package/skills/semgrep-rule-creator/commands/semgrep-rule.md +26 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/SKILL.md +168 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/references/quick-reference.md +203 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/references/workflow.md +240 -0
- package/skills/semgrep-rule-variant-creator/.claude-plugin/plugin.json +9 -0
- package/skills/semgrep-rule-variant-creator/README.md +86 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/SKILL.md +205 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/applicability-analysis.md +250 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/language-syntax-guide.md +324 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/workflow.md +518 -0
- package/skills/session-logs/SKILL.md +115 -0
- package/skills/sharp-edges/.claude-plugin/plugin.json +10 -0
- package/skills/sharp-edges/README.md +48 -0
- package/skills/sharp-edges/skills/sharp-edges/SKILL.md +292 -0
- package/skills/sharp-edges/skills/sharp-edges/references/auth-patterns.md +252 -0
- package/skills/sharp-edges/skills/sharp-edges/references/case-studies.md +274 -0
- package/skills/sharp-edges/skills/sharp-edges/references/config-patterns.md +333 -0
- package/skills/sharp-edges/skills/sharp-edges/references/crypto-apis.md +190 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-c.md +205 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-csharp.md +285 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-go.md +270 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-java.md +263 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-javascript.md +269 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-kotlin.md +265 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-php.md +245 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-python.md +274 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-ruby.md +273 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-rust.md +272 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-swift.md +287 -0
- package/skills/sharp-edges/skills/sharp-edges/references/language-specific.md +588 -0
- package/skills/sherpa-onnx-tts/SKILL.md +103 -0
- package/skills/sherpa-onnx-tts/bin/sherpa-onnx-tts +178 -0
- package/skills/skill-creator/SKILL.md +370 -0
- package/skills/skill-creator/license.txt +202 -0
- package/skills/skill-creator/scripts/init_skill.py +378 -0
- package/skills/skill-creator/scripts/package_skill.py +111 -0
- package/skills/skill-creator/scripts/quick_validate.py +101 -0
- package/skills/slack/SKILL.md +144 -0
- package/skills/songsee/SKILL.md +49 -0
- package/skills/sonoscli/SKILL.md +46 -0
- package/skills/spec-to-code-compliance/.claude-plugin/plugin.json +10 -0
- package/skills/spec-to-code-compliance/README.md +67 -0
- package/skills/spec-to-code-compliance/commands/spec-compliance.md +22 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/SKILL.md +349 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/COMPLETENESS_CHECKLIST.md +69 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/IR_EXAMPLES.md +417 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/OUTPUT_REQUIREMENTS.md +105 -0
- package/skills/spotify-player/SKILL.md +64 -0
- package/skills/static-analysis/.claude-plugin/plugin.json +8 -0
- package/skills/static-analysis/README.md +59 -0
- package/skills/static-analysis/skills/codeql/SKILL.md +315 -0
- package/skills/static-analysis/skills/sarif-parsing/SKILL.md +479 -0
- package/skills/static-analysis/skills/sarif-parsing/resources/jq-queries.md +162 -0
- package/skills/static-analysis/skills/sarif-parsing/resources/sarif_helpers.py +331 -0
- package/skills/static-analysis/skills/semgrep/SKILL.md +337 -0
- package/skills/summarize/SKILL.md +87 -0
- package/skills/testing-handbook-skills/.claude-plugin/plugin.json +8 -0
- package/skills/testing-handbook-skills/README.md +241 -0
- package/skills/testing-handbook-skills/scripts/pyproject.toml +8 -0
- package/skills/testing-handbook-skills/scripts/validate-skills.py +657 -0
- package/skills/testing-handbook-skills/skills/address-sanitizer/SKILL.md +341 -0
- package/skills/testing-handbook-skills/skills/aflpp/SKILL.md +640 -0
- package/skills/testing-handbook-skills/skills/atheris/SKILL.md +515 -0
- package/skills/testing-handbook-skills/skills/cargo-fuzz/SKILL.md +454 -0
- package/skills/testing-handbook-skills/skills/codeql/SKILL.md +549 -0
- package/skills/testing-handbook-skills/skills/constant-time-testing/SKILL.md +507 -0
- package/skills/testing-handbook-skills/skills/coverage-analysis/SKILL.md +607 -0
- package/skills/testing-handbook-skills/skills/fuzzing-dictionary/SKILL.md +297 -0
- package/skills/testing-handbook-skills/skills/fuzzing-obstacles/SKILL.md +426 -0
- package/skills/testing-handbook-skills/skills/harness-writing/SKILL.md +614 -0
- package/skills/testing-handbook-skills/skills/libafl/SKILL.md +625 -0
- package/skills/testing-handbook-skills/skills/libfuzzer/SKILL.md +795 -0
- package/skills/testing-handbook-skills/skills/ossfuzz/SKILL.md +426 -0
- package/skills/testing-handbook-skills/skills/ruzzy/SKILL.md +443 -0
- package/skills/testing-handbook-skills/skills/semgrep/SKILL.md +601 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/SKILL.md +372 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/agent-prompt.md +280 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/discovery.md +452 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/domain-skill.md +504 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/fuzzer-skill.md +454 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/technique-skill.md +527 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/tool-skill.md +366 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/testing.md +482 -0
- package/skills/testing-handbook-skills/skills/wycheproof/SKILL.md +533 -0
- package/skills/things-mac/SKILL.md +86 -0
- package/skills/tmux/SKILL.md +135 -0
- package/skills/tmux/scripts/find-sessions.sh +112 -0
- package/skills/tmux/scripts/wait-for-text.sh +83 -0
- package/skills/trello/SKILL.md +95 -0
- package/skills/variant-analysis/.claude-plugin/plugin.json +8 -0
- package/skills/variant-analysis/README.md +41 -0
- package/skills/variant-analysis/commands/variants.md +23 -0
- package/skills/variant-analysis/skills/variant-analysis/METHODOLOGY.md +327 -0
- package/skills/variant-analysis/skills/variant-analysis/SKILL.md +142 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/cpp.ql +119 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/go.ql +69 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/java.ql +71 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/javascript.ql +63 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/python.ql +80 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/cpp.yaml +98 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/go.yaml +63 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/java.yaml +61 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/javascript.yaml +60 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/python.yaml +72 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/variant-report-template.md +75 -0
- package/skills/video-frames/SKILL.md +46 -0
- package/skills/video-frames/scripts/frame.sh +81 -0
- package/skills/voice-call/SKILL.md +45 -0
- package/skills/wacli/SKILL.md +72 -0
- package/skills/weather/SKILL.md +54 -0
- package/skills/yara-authoring/.claude-plugin/plugin.json +9 -0
- package/skills/yara-authoring/README.md +131 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/SKILL.md +645 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_Mac_ProtonRAT_Jan25.yar +99 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_NPM_SupplyChain_Jan25.yar +170 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_Win_Remcos_Jan25.yar +103 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/SUSP_CRX_SuspiciousPermissions.yar +134 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/SUSP_JS_Obfuscation_Jan25.yar +185 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/crx-module.md +214 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/dex-module.md +383 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/performance.md +333 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/strings.md +433 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/style-guide.md +257 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/testing.md +399 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/atom_analyzer.py +526 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/pyproject.toml +25 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/yara_lint.py +631 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/workflows/rule-development.md +493 -0
|
@@ -0,0 +1,333 @@
|
|
|
1
|
+
# YARA-X Performance Guidelines
|
|
2
|
+
|
|
3
|
+
Understanding how YARA-X works internally helps you write rules that scan fast.
|
|
4
|
+
|
|
5
|
+
> **YARA-X Performance:** YARA-X is 5-10x faster than legacy YARA for regex-heavy rules due to its Rust-based regex engine. The atom extraction and matching principles remain the same.
|
|
6
|
+
|
|
7
|
+
## How YARA Scanning Works
|
|
8
|
+
|
|
9
|
+
### Three-Phase Process
|
|
10
|
+
|
|
11
|
+
1. **Atom Extraction** — YARA extracts short byte sequences (atoms) from your strings
|
|
12
|
+
2. **Aho-Corasick Matching** — Fast multi-pattern search finds atom occurrences
|
|
13
|
+
3. **Bytecode Verification** — For each atom hit, verify the full string/condition
|
|
14
|
+
|
|
15
|
+
The key insight: **Phase 2 is fast, Phase 3 is slow.** Poor atoms cause excessive Phase 3 verification.
|
|
16
|
+
|
|
17
|
+
### What Makes a Good Atom
|
|
18
|
+
|
|
19
|
+
YARA extracts 4-byte atoms from your strings. The best atoms are:
|
|
20
|
+
|
|
21
|
+
- **Rare in target files** — Unique byte sequences
|
|
22
|
+
- **Unambiguous** — No wildcards in the 4-byte window
|
|
23
|
+
- **Not in common data** — Avoid patterns found in every PE
|
|
24
|
+
|
|
25
|
+
```
|
|
26
|
+
String: "MalwareConfig"
|
|
27
|
+
Atom: "Malw" (bytes 0-3)
|
|
28
|
+
|
|
29
|
+
String: { 4D 5A ?? ?? 50 45 }
|
|
30
|
+
Atom: { 50 45 ?? ?? } — wildcards limit options
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
## Slow Pattern Killers
|
|
34
|
+
|
|
35
|
+
### Short Strings (< 4 bytes)
|
|
36
|
+
|
|
37
|
+
```yara
|
|
38
|
+
// TERRIBLE: No valid 4-byte atom
|
|
39
|
+
$bad = "abc" // Only 3 bytes
|
|
40
|
+
$bad = { 4D 5A } // Only 2 bytes
|
|
41
|
+
|
|
42
|
+
// GOOD: Full atoms available
|
|
43
|
+
$good = "abcdef"
|
|
44
|
+
$good = { 4D 5A 90 00 50 45 }
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
Short strings force YARA to check every file, defeating the Aho-Corasick optimization.
|
|
48
|
+
|
|
49
|
+
### Repeated Byte Patterns
|
|
50
|
+
|
|
51
|
+
```yara
|
|
52
|
+
// SLOW: Atom "0000" matches constantly
|
|
53
|
+
$nops = { 90 90 90 90 90 90 } // NOP sled
|
|
54
|
+
$null = { 00 00 00 00 } // Null bytes
|
|
55
|
+
|
|
56
|
+
// BETTER: Add context
|
|
57
|
+
$nop_context = { E8 ?? ?? ?? ?? 90 90 90 90 } // Call followed by NOPs
|
|
58
|
+
```
|
|
59
|
+
|
|
60
|
+
### Unbounded Regex
|
|
61
|
+
|
|
62
|
+
```yara
|
|
63
|
+
// CATASTROPHIC: Backtracking explosion
|
|
64
|
+
$url = /https?:\/\/.*/
|
|
65
|
+
|
|
66
|
+
// SLOW: Still too broad
|
|
67
|
+
$url = /https?:\/\/[^\s]+/
|
|
68
|
+
|
|
69
|
+
// ACCEPTABLE: Bounded
|
|
70
|
+
$url = /https?:\/\/[a-z0-9\.\-]{5,50}\/[a-z0-9\/]{1,100}/
|
|
71
|
+
```
|
|
72
|
+
|
|
73
|
+
### Leading Wildcards
|
|
74
|
+
|
|
75
|
+
```yara
|
|
76
|
+
// SLOW: No stable atom at start
|
|
77
|
+
$bad = { ?? ?? 4D 5A 90 00 }
|
|
78
|
+
|
|
79
|
+
// FAST: Stable bytes first
|
|
80
|
+
$good = { 4D 5A 90 00 ?? ?? }
|
|
81
|
+
```
|
|
82
|
+
|
|
83
|
+
### Common Byte Sequences
|
|
84
|
+
|
|
85
|
+
```yara
|
|
86
|
+
// SLOW: Found in most PE files
|
|
87
|
+
$pe_header = { 4D 5A } // MZ
|
|
88
|
+
$dos_stub = "This program" // DOS stub message
|
|
89
|
+
|
|
90
|
+
// BETTER: Add unique context
|
|
91
|
+
$pe_anomaly = { 4D 5A 00 00 00 00 00 00 } // Unusual null-padded MZ
|
|
92
|
+
```
|
|
93
|
+
|
|
94
|
+
## Optimization Techniques
|
|
95
|
+
|
|
96
|
+
### Short-Circuit with Cheap Checks
|
|
97
|
+
|
|
98
|
+
Order conditions from cheapest to most expensive:
|
|
99
|
+
|
|
100
|
+
```yara
|
|
101
|
+
condition:
|
|
102
|
+
// 1. Instant: filesize check
|
|
103
|
+
filesize < 10MB and
|
|
104
|
+
|
|
105
|
+
// 2. Near-instant: magic bytes
|
|
106
|
+
uint16(0) == 0x5A4D and
|
|
107
|
+
|
|
108
|
+
// 3. Fast: string matches (if good atoms)
|
|
109
|
+
all of ($strings_*) and
|
|
110
|
+
|
|
111
|
+
// 4. Moderate: module imports
|
|
112
|
+
pe.imports("kernel32.dll", "VirtualAlloc") and
|
|
113
|
+
|
|
114
|
+
// 5. Slow: expensive computations
|
|
115
|
+
pe.imphash() == "abc123..."
|
|
116
|
+
```
|
|
117
|
+
|
|
118
|
+
If the cheap check fails, expensive checks never run.
|
|
119
|
+
|
|
120
|
+
**Platform adaptation:**
|
|
121
|
+
|
|
122
|
+
| Platform | Short-circuit pattern |
|
|
123
|
+
|----------|----------------------|
|
|
124
|
+
| **PE files** | `filesize < 10MB and uint16(0) == 0x5A4D and ...` |
|
|
125
|
+
| **JavaScript** | `filesize < 1MB and ...` (no magic bytes, JS files are text) |
|
|
126
|
+
| **npm packages** | Check for `"name":` or `package.json` content first |
|
|
127
|
+
| **Office docs (OOXML)** | `filesize < 50MB and uint32(0) == 0x504B0304 and ...` |
|
|
128
|
+
| **Chrome extensions** | `crx.is_crx and ...` (use crx module) |
|
|
129
|
+
| **Android apps** | `dex.header.magic == "dex\n" and ...` (use dex module) |
|
|
130
|
+
|
|
131
|
+
### Use `for..of` Efficiently
|
|
132
|
+
|
|
133
|
+
```yara
|
|
134
|
+
// SLOW: Checks all strings even after match
|
|
135
|
+
any of them
|
|
136
|
+
|
|
137
|
+
// FAST: Short-circuits after first match
|
|
138
|
+
for any of them : ( $ )
|
|
139
|
+
|
|
140
|
+
// OPTIMIZED: With early exit
|
|
141
|
+
for any i in (0..#s1) : ( @s1[i] < 1000 )
|
|
142
|
+
```
|
|
143
|
+
|
|
144
|
+
### Prefer `in` Over Position Calculations
|
|
145
|
+
|
|
146
|
+
```yara
|
|
147
|
+
// SLOWER: Arithmetic
|
|
148
|
+
$header at pe.entry_point + 100
|
|
149
|
+
|
|
150
|
+
// FASTER: Range check
|
|
151
|
+
$header in (pe.entry_point..pe.entry_point + 200)
|
|
152
|
+
```
|
|
153
|
+
|
|
154
|
+
### Avoid Module Overhead When Possible
|
|
155
|
+
|
|
156
|
+
```yara
|
|
157
|
+
// EXPENSIVE: Loads PE module
|
|
158
|
+
pe.entry_point
|
|
159
|
+
|
|
160
|
+
// CHEAP: Direct byte access
|
|
161
|
+
uint32(uint32(0x3C) + 0x28) // Entry point from PE header
|
|
162
|
+
```
|
|
163
|
+
|
|
164
|
+
Use modules when you need complex analysis, but simple byte checks are faster.
|
|
165
|
+
|
|
166
|
+
### Bounded Regex Patterns
|
|
167
|
+
|
|
168
|
+
```yara
|
|
169
|
+
// BAD
|
|
170
|
+
$url = /https?:\/\/[^\s]*/
|
|
171
|
+
|
|
172
|
+
// GOOD: Explicit length bounds
|
|
173
|
+
$url = /https?:\/\/[a-z0-9\.\-]{5,50}\//
|
|
174
|
+
|
|
175
|
+
// BETTER: Fixed prefix for better atom
|
|
176
|
+
$url = /https:\/\/api\.[a-z]{5,20}\.com\//
|
|
177
|
+
```
|
|
178
|
+
|
|
179
|
+
### Regex Performance Rules
|
|
180
|
+
|
|
181
|
+
**Expert guidance:** Anchor every regex to a string atom. Unanchored regex consumes memory proportional to file size.
|
|
182
|
+
|
|
183
|
+
```yara
|
|
184
|
+
// CATASTROPHIC: Runs against every byte, unbounded backtracking
|
|
185
|
+
$bad = /eval\(.*\)/
|
|
186
|
+
|
|
187
|
+
// SLOW: Still unbounded despite negated class
|
|
188
|
+
$bad = /eval\([^\)]+\)/
|
|
189
|
+
|
|
190
|
+
// GOOD: Bounded, controlled, anchored to "eval"
|
|
191
|
+
$good = /eval\s*\(\s*(atob|unescape)\s*\(/ nocase
|
|
192
|
+
```
|
|
193
|
+
|
|
194
|
+
**Rule of thumb:** If your regex doesn't have a literal string of 4+ characters that YARA can extract as an atom, it will be slow. The atom determines which files get checked.
|
|
195
|
+
|
|
196
|
+
```yara
|
|
197
|
+
// NO ATOM: Entirely character classes
|
|
198
|
+
$no_atom = /[a-z]+\.[a-z]+\([^)]*\)/
|
|
199
|
+
|
|
200
|
+
// HAS ATOM: "fetch" is extracted, limits files checked
|
|
201
|
+
$has_atom = /fetch\s*\(\s*['"][^'"]{1,100}['"]\s*\)/
|
|
202
|
+
```
|
|
203
|
+
|
|
204
|
+
**Controlled ranges table:**
|
|
205
|
+
|
|
206
|
+
| Pattern | Performance | Use Case |
|
|
207
|
+
|---------|-------------|----------|
|
|
208
|
+
| `.*` | Catastrophic | Never use |
|
|
209
|
+
| `.+` | Catastrophic | Never use |
|
|
210
|
+
| `[^x]*` | Slow | Avoid |
|
|
211
|
+
| `.{0,30}` | Good | Short variable content |
|
|
212
|
+
| `.{0,100}` | Acceptable | Longer bounded content |
|
|
213
|
+
| `[a-z]{5,20}` | Best | Known character set + length |
|
|
214
|
+
|
|
215
|
+
### Use `fullword` for Word Boundaries
|
|
216
|
+
|
|
217
|
+
```yara
|
|
218
|
+
// May match "MalwareAnalysis" in middle of binary
|
|
219
|
+
$s = "Malware"
|
|
220
|
+
|
|
221
|
+
// Only matches isolated word
|
|
222
|
+
$s = "Malware" fullword
|
|
223
|
+
```
|
|
224
|
+
|
|
225
|
+
## Module Usage Guidelines
|
|
226
|
+
|
|
227
|
+
### Expensive Operations
|
|
228
|
+
|
|
229
|
+
| Operation | Cost | Alternative |
|
|
230
|
+
|-----------|------|-------------|
|
|
231
|
+
| `pe.imphash()` | High | Pre-filter with uint16(0) == 0x5A4D |
|
|
232
|
+
| `hash.md5()` | Very High | Use for small files only |
|
|
233
|
+
| `pe.rich_header` | Moderate | Pre-filter with filesize |
|
|
234
|
+
| `math.entropy()` | High | Use for specific sections only |
|
|
235
|
+
|
|
236
|
+
### Pre-Filter Before Modules
|
|
237
|
+
|
|
238
|
+
```yara
|
|
239
|
+
import "pe"
|
|
240
|
+
import "hash"
|
|
241
|
+
|
|
242
|
+
rule Example
|
|
243
|
+
{
|
|
244
|
+
condition:
|
|
245
|
+
// Pre-filters (instant)
|
|
246
|
+
filesize > 1KB and
|
|
247
|
+
filesize < 5MB and
|
|
248
|
+
uint16(0) == 0x5A4D and
|
|
249
|
+
|
|
250
|
+
// Now safe to use expensive checks
|
|
251
|
+
pe.number_of_sections > 3 and
|
|
252
|
+
hash.md5(0, filesize) == "abc123..."
|
|
253
|
+
}
|
|
254
|
+
```
|
|
255
|
+
|
|
256
|
+
## Measuring Performance
|
|
257
|
+
|
|
258
|
+
### YARA-X Profiling
|
|
259
|
+
|
|
260
|
+
```bash
|
|
261
|
+
# Time rule execution
|
|
262
|
+
time yr scan rules/ /path/to/files/
|
|
263
|
+
|
|
264
|
+
# Count matches without output
|
|
265
|
+
yr scan -c rules/ /path/to/files/
|
|
266
|
+
```
|
|
267
|
+
|
|
268
|
+
### Rule-by-Rule Analysis
|
|
269
|
+
|
|
270
|
+
Test individual rules against a corpus:
|
|
271
|
+
|
|
272
|
+
```bash
|
|
273
|
+
for rule in rules/*.yar; do
|
|
274
|
+
echo "Testing: $rule"
|
|
275
|
+
time yr scan "$rule" /corpus/ > /dev/null
|
|
276
|
+
done
|
|
277
|
+
```
|
|
278
|
+
|
|
279
|
+
### String Quality Check
|
|
280
|
+
|
|
281
|
+
Use the atom analyzer script:
|
|
282
|
+
|
|
283
|
+
```bash
|
|
284
|
+
uv run {baseDir}/scripts/atom_analyzer.py rule.yar
|
|
285
|
+
```
|
|
286
|
+
|
|
287
|
+
## Real-World Examples
|
|
288
|
+
|
|
289
|
+
### Before Optimization
|
|
290
|
+
|
|
291
|
+
```yara
|
|
292
|
+
rule Slow_Example
|
|
293
|
+
{
|
|
294
|
+
strings:
|
|
295
|
+
$s1 = "exe" // 3 bytes
|
|
296
|
+
$s2 = { 00 00 00 00 } // Common nulls
|
|
297
|
+
$url = /.*/ // Unbounded
|
|
298
|
+
|
|
299
|
+
condition:
|
|
300
|
+
pe.imphash() == "abc123" and // Expensive first
|
|
301
|
+
any of them
|
|
302
|
+
}
|
|
303
|
+
```
|
|
304
|
+
|
|
305
|
+
### After Optimization
|
|
306
|
+
|
|
307
|
+
```yara
|
|
308
|
+
rule Fast_Example
|
|
309
|
+
{
|
|
310
|
+
strings:
|
|
311
|
+
$s1 = "malware.exe" fullword // 11 bytes, unique
|
|
312
|
+
$s2 = { 43 4F 4E 46 00 00 00 00 } // "CONF" + nulls
|
|
313
|
+
$url = /https:\/\/[a-z]{5,20}\.com/ // Bounded
|
|
314
|
+
|
|
315
|
+
condition:
|
|
316
|
+
filesize < 10MB and // Instant
|
|
317
|
+
uint16(0) == 0x5A4D and // Instant
|
|
318
|
+
2 of ($s*) and // Fast strings
|
|
319
|
+
pe.imphash() == "abc123" // Expensive last
|
|
320
|
+
}
|
|
321
|
+
```
|
|
322
|
+
|
|
323
|
+
## Checklist
|
|
324
|
+
|
|
325
|
+
Before deploying rules:
|
|
326
|
+
|
|
327
|
+
- [ ] No strings under 4 bytes
|
|
328
|
+
- [ ] No unbounded regex (`.*`, `.+`, `[^x]*`)
|
|
329
|
+
- [ ] No repeated byte patterns without context
|
|
330
|
+
- [ ] Conditions ordered: cheap → expensive
|
|
331
|
+
- [ ] Module checks pre-filtered with magic bytes/filesize
|
|
332
|
+
- [ ] Tested against large corpus for timing
|
|
333
|
+
- [ ] Atom analyzer shows no warnings
|