@elizaos/skills 2.0.0-alpha.3
- package/README.md +126 -0
- package/package.json +53 -0
- package/skills/1password/SKILL.md +70 -0
- package/skills/1password/references/cli-examples.md +29 -0
- package/skills/1password/references/get-started.md +17 -0
- package/skills/apple-notes/SKILL.md +77 -0
- package/skills/apple-reminders/SKILL.md +96 -0
- package/skills/bear-notes/SKILL.md +107 -0
- package/skills/bird/SKILL.md +224 -0
- package/skills/blogwatcher/SKILL.md +69 -0
- package/skills/blucli/SKILL.md +47 -0
- package/skills/bluebubbles/SKILL.md +131 -0
- package/skills/camsnap/SKILL.md +45 -0
- package/skills/canvas/SKILL.md +203 -0
- package/skills/clawhub/SKILL.md +77 -0
- package/skills/coding-agent/SKILL.md +284 -0
- package/skills/discord/SKILL.md +578 -0
- package/skills/eightctl/SKILL.md +50 -0
- package/skills/food-order/SKILL.md +48 -0
- package/skills/gemini/SKILL.md +43 -0
- package/skills/gifgrep/SKILL.md +79 -0
- package/skills/github/SKILL.md +77 -0
- package/skills/gog/SKILL.md +116 -0
- package/skills/goplaces/SKILL.md +52 -0
- package/skills/healthcheck/SKILL.md +245 -0
- package/skills/himalaya/SKILL.md +257 -0
- package/skills/himalaya/references/configuration.md +184 -0
- package/skills/himalaya/references/message-composition.md +199 -0
- package/skills/imsg/SKILL.md +74 -0
- package/skills/local-places/SERVER_README.md +101 -0
- package/skills/local-places/SKILL.md +102 -0
- package/skills/local-places/pyproject.toml +21 -0
- package/skills/local-places/src/local_places/__init__.py +2 -0
- package/skills/local-places/src/local_places/google_places.py +314 -0
- package/skills/local-places/src/local_places/main.py +65 -0
- package/skills/local-places/src/local_places/schemas.py +107 -0
- package/skills/mcporter/SKILL.md +61 -0
- package/skills/model-usage/SKILL.md +69 -0
- package/skills/model-usage/references/codexbar-cli.md +33 -0
- package/skills/model-usage/scripts/model_usage.py +310 -0
- package/skills/nano-banana-pro/SKILL.md +58 -0
- package/skills/nano-banana-pro/scripts/generate_image.py +184 -0
- package/skills/nano-pdf/SKILL.md +38 -0
- package/skills/notion/SKILL.md +172 -0
- package/skills/obsidian/SKILL.md +81 -0
- package/skills/openai-image-gen/SKILL.md +89 -0
- package/skills/openai-image-gen/scripts/gen.py +240 -0
- package/skills/openai-whisper/SKILL.md +38 -0
- package/skills/openai-whisper-api/SKILL.md +52 -0
- package/skills/openai-whisper-api/scripts/transcribe.sh +85 -0
- package/skills/openhue/SKILL.md +51 -0
- package/skills/oracle/SKILL.md +125 -0
- package/skills/ordercli/SKILL.md +78 -0
- package/skills/peekaboo/SKILL.md +190 -0
- package/skills/sag/SKILL.md +87 -0
- package/skills/security-ask-questions-if-underspecified/.claude-plugin/plugin.json +10 -0
- package/skills/security-ask-questions-if-underspecified/README.md +24 -0
- package/skills/security-ask-questions-if-underspecified/skills/ask-questions-if-underspecified/SKILL.md +85 -0
- package/skills/security-audit-context-building/.claude-plugin/plugin.json +10 -0
- package/skills/security-audit-context-building/README.md +58 -0
- package/skills/security-audit-context-building/commands/audit-context.md +21 -0
- package/skills/security-audit-context-building/skills/audit-context-building/SKILL.md +297 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/COMPLETENESS_CHECKLIST.md +47 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/FUNCTION_MICRO_ANALYSIS_EXAMPLE.md +355 -0
- package/skills/security-audit-context-building/skills/audit-context-building/resources/OUTPUT_REQUIREMENTS.md +71 -0
- package/skills/security-building-secure-contracts/.claude-plugin/plugin.json +10 -0
- package/skills/security-building-secure-contracts/README.md +241 -0
- package/skills/security-building-secure-contracts/skills/algorand-vulnerability-scanner/SKILL.md +284 -0
- package/skills/security-building-secure-contracts/skills/algorand-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +405 -0
- package/skills/security-building-secure-contracts/skills/audit-prep-assistant/SKILL.md +409 -0
- package/skills/security-building-secure-contracts/skills/cairo-vulnerability-scanner/SKILL.md +329 -0
- package/skills/security-building-secure-contracts/skills/cairo-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +722 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/SKILL.md +218 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/ASSESSMENT_CRITERIA.md +355 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/EXAMPLE_REPORT.md +248 -0
- package/skills/security-building-secure-contracts/skills/code-maturity-assessor/resources/REPORT_FORMAT.md +33 -0
- package/skills/security-building-secure-contracts/skills/cosmos-vulnerability-scanner/SKILL.md +334 -0
- package/skills/security-building-secure-contracts/skills/cosmos-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +740 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/SKILL.md +252 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/ASSESSMENT_AREAS.md +329 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/DELIVERABLES.md +118 -0
- package/skills/security-building-secure-contracts/skills/guidelines-advisor/resources/EXAMPLE_REPORT.md +298 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/SKILL.md +161 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/resources/EXAMPLE_REPORT.md +279 -0
- package/skills/security-building-secure-contracts/skills/secure-workflow-guide/resources/WORKFLOW_STEPS.md +132 -0
- package/skills/security-building-secure-contracts/skills/solana-vulnerability-scanner/SKILL.md +389 -0
- package/skills/security-building-secure-contracts/skills/solana-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +669 -0
- package/skills/security-building-secure-contracts/skills/substrate-vulnerability-scanner/SKILL.md +298 -0
- package/skills/security-building-secure-contracts/skills/substrate-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +791 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/SKILL.md +362 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/resources/ASSESSMENT_CATEGORIES.md +571 -0
- package/skills/security-building-secure-contracts/skills/token-integration-analyzer/resources/REPORT_TEMPLATES.md +141 -0
- package/skills/security-building-secure-contracts/skills/ton-vulnerability-scanner/SKILL.md +388 -0
- package/skills/security-building-secure-contracts/skills/ton-vulnerability-scanner/resources/VULNERABILITY_PATTERNS.md +595 -0
- package/skills/security-burpsuite-project-parser/.claude-plugin/plugin.json +10 -0
- package/skills/security-burpsuite-project-parser/README.md +103 -0
- package/skills/security-burpsuite-project-parser/commands/burp-search.md +18 -0
- package/skills/security-burpsuite-project-parser/skills/SKILL.md +358 -0
- package/skills/security-burpsuite-project-parser/skills/scripts/burp-search.sh +99 -0
- package/skills/security-claude-in-chrome-troubleshooting/.claude-plugin/plugin.json +8 -0
- package/skills/security-claude-in-chrome-troubleshooting/README.md +31 -0
- package/skills/security-claude-in-chrome-troubleshooting/skills/claude-in-chrome-troubleshooting/SKILL.md +251 -0
- package/skills/security-constant-time-analysis/.claude-plugin/plugin.json +9 -0
- package/skills/security-constant-time-analysis/README.md +381 -0
- package/skills/security-constant-time-analysis/commands/ct-check.md +20 -0
- package/skills/security-constant-time-analysis/ct_analyzer/__init__.py +49 -0
- package/skills/security-constant-time-analysis/ct_analyzer/analyzer.py +1284 -0
- package/skills/security-constant-time-analysis/ct_analyzer/script_analyzers.py +3081 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/__init__.py +1 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_analyzer.py +1397 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/bn_excerpt.js +205 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_constant_time.c +181 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.c +74 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.go +78 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/decompose_vulnerable.rs +92 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.cs +174 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.java +161 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.kt +181 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.php +140 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.py +252 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.rb +188 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.swift +199 -0
- package/skills/security-constant-time-analysis/ct_analyzer/tests/test_samples/vulnerable.ts +154 -0
- package/skills/security-constant-time-analysis/pyproject.toml +52 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/README.md +90 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/SKILL.md +219 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/compiled.md +129 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/javascript.md +136 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/kotlin.md +252 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/php.md +172 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/python.md +179 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/ruby.md +198 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/swift.md +288 -0
- package/skills/security-constant-time-analysis/skills/constant-time-analysis/references/vm-compiled.md +354 -0
- package/skills/security-constant-time-analysis/uv.lock +8 -0
- package/skills/security-culture-index/.claude-plugin/plugin.json +8 -0
- package/skills/security-culture-index/README.md +79 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/SKILL.md +293 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/anti-patterns.md +255 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/conversation-starters.md +408 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/interview-trait-signals.md +253 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/motivators.md +158 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/patterns-archetypes.md +147 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/primary-traits.md +307 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/secondary-traits.md +228 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/references/team-composition.md +148 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/check_deps.py +108 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/__init__.py +20 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/constants.py +122 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/extract.py +187 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/models.py +16 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/culture_index/opencv_extractor.py +520 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/extract_pdf.py +237 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/scripts/pyproject.toml +18 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/burnout-report.md +113 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/comparison-report.md +103 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/hiring-profile.md +127 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/individual-report.md +85 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/predicted-profile.md +165 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/templates/team-report.md +109 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/analyze-team.md +188 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/coach-manager.md +267 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/compare-profiles.md +188 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/define-hiring-profile.md +220 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/detect-burnout.md +206 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/extract-from-pdf.md +121 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/interpret-individual.md +183 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/interview-debrief.md +234 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/mediate-conflict.md +306 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/plan-onboarding.md +322 -0
- package/skills/security-culture-index/skills/interpreting-culture-index/workflows/predict-from-interview.md +250 -0
- package/skills/security-differential-review/.claude-plugin/plugin.json +10 -0
- package/skills/security-differential-review/README.md +109 -0
- package/skills/security-differential-review/commands/diff-review.md +21 -0
- package/skills/security-differential-review/skills/differential-review/SKILL.md +220 -0
- package/skills/security-differential-review/skills/differential-review/adversarial.md +203 -0
- package/skills/security-differential-review/skills/differential-review/methodology.md +234 -0
- package/skills/security-differential-review/skills/differential-review/patterns.md +300 -0
- package/skills/security-differential-review/skills/differential-review/reporting.md +369 -0
- package/skills/security-dwarf-expert/.claude-plugin/plugin.json +10 -0
- package/skills/security-dwarf-expert/README.md +38 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/SKILL.md +93 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/coding.md +31 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/dwarfdump.md +50 -0
- package/skills/security-dwarf-expert/skills/dwarf-expert/reference/readelf.md +8 -0
- package/skills/security-entry-point-analyzer/.claude-plugin/plugin.json +10 -0
- package/skills/security-entry-point-analyzer/README.md +74 -0
- package/skills/security-entry-point-analyzer/commands/entry-points.md +18 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/SKILL.md +251 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/cosmwasm.md +182 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/move-aptos.md +107 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/move-sui.md +87 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solana.md +155 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/solidity.md +135 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/ton.md +185 -0
- package/skills/security-entry-point-analyzer/skills/entry-point-analyzer/references/vyper.md +141 -0
- package/skills/security-firebase-apk-scanner/.claude-plugin/plugin.json +10 -0
- package/skills/security-firebase-apk-scanner/README.md +85 -0
- package/skills/security-firebase-apk-scanner/commands/scan-apk.md +18 -0
- package/skills/security-firebase-apk-scanner/scanner.sh +1408 -0
- package/skills/security-firebase-apk-scanner/skills/firebase-apk-scanner/SKILL.md +197 -0
- package/skills/security-firebase-apk-scanner/skills/firebase-apk-scanner/references/vulnerabilities.md +803 -0
- package/skills/security-fix-review/.claude-plugin/plugin.json +13 -0
- package/skills/security-fix-review/README.md +118 -0
- package/skills/security-fix-review/commands/fix-review.md +24 -0
- package/skills/security-fix-review/skills/fix-review/SKILL.md +264 -0
- package/skills/security-fix-review/skills/fix-review/references/bug-detection.md +408 -0
- package/skills/security-fix-review/skills/fix-review/references/finding-matching.md +298 -0
- package/skills/security-fix-review/skills/fix-review/references/report-parsing.md +398 -0
- package/skills/security-insecure-defaults/.claude-plugin/plugin.json +10 -0
- package/skills/security-insecure-defaults/README.md +45 -0
- package/skills/security-insecure-defaults/skills/insecure-defaults/SKILL.md +117 -0
- package/skills/security-insecure-defaults/skills/insecure-defaults/references/examples.md +409 -0
- package/skills/security-modern-python/.claude-plugin/plugin.json +10 -0
- package/skills/security-modern-python/README.md +58 -0
- package/skills/security-modern-python/hooks/hooks.json +16 -0
- package/skills/security-modern-python/hooks/intercept-legacy-python.bats +388 -0
- package/skills/security-modern-python/hooks/intercept-legacy-python.sh +109 -0
- package/skills/security-modern-python/hooks/test_helper.bash +75 -0
- package/skills/security-modern-python/skills/modern-python/SKILL.md +333 -0
- package/skills/security-modern-python/skills/modern-python/references/dependabot.md +43 -0
- package/skills/security-modern-python/skills/modern-python/references/migration-checklist.md +141 -0
- package/skills/security-modern-python/skills/modern-python/references/pep723-scripts.md +259 -0
- package/skills/security-modern-python/skills/modern-python/references/prek.md +211 -0
- package/skills/security-modern-python/skills/modern-python/references/pyproject.md +254 -0
- package/skills/security-modern-python/skills/modern-python/references/ruff-config.md +240 -0
- package/skills/security-modern-python/skills/modern-python/references/security-setup.md +255 -0
- package/skills/security-modern-python/skills/modern-python/references/testing.md +284 -0
- package/skills/security-modern-python/skills/modern-python/references/uv-commands.md +200 -0
- package/skills/security-modern-python/skills/modern-python/templates/dependabot.yml +36 -0
- package/skills/security-modern-python/skills/modern-python/templates/pre-commit-config.yaml +66 -0
- package/skills/security-property-based-testing/.claude-plugin/plugin.json +9 -0
- package/skills/security-property-based-testing/README.md +47 -0
- package/skills/security-property-based-testing/skills/property-based-testing/README.md +88 -0
- package/skills/security-property-based-testing/skills/property-based-testing/SKILL.md +109 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/design.md +191 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/generating.md +200 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/libraries.md +130 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/refactoring.md +181 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/reviewing.md +209 -0
- package/skills/security-property-based-testing/skills/property-based-testing/references/strategies.md +124 -0
- package/skills/semgrep-rule-creator/.claude-plugin/plugin.json +8 -0
- package/skills/semgrep-rule-creator/README.md +43 -0
- package/skills/semgrep-rule-creator/commands/semgrep-rule.md +26 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/SKILL.md +168 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/references/quick-reference.md +203 -0
- package/skills/semgrep-rule-creator/skills/semgrep-rule-creator/references/workflow.md +240 -0
- package/skills/semgrep-rule-variant-creator/.claude-plugin/plugin.json +9 -0
- package/skills/semgrep-rule-variant-creator/README.md +86 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/SKILL.md +205 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/applicability-analysis.md +250 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/language-syntax-guide.md +324 -0
- package/skills/semgrep-rule-variant-creator/skills/semgrep-rule-variant-creator/references/workflow.md +518 -0
- package/skills/session-logs/SKILL.md +115 -0
- package/skills/sharp-edges/.claude-plugin/plugin.json +10 -0
- package/skills/sharp-edges/README.md +48 -0
- package/skills/sharp-edges/skills/sharp-edges/SKILL.md +292 -0
- package/skills/sharp-edges/skills/sharp-edges/references/auth-patterns.md +252 -0
- package/skills/sharp-edges/skills/sharp-edges/references/case-studies.md +274 -0
- package/skills/sharp-edges/skills/sharp-edges/references/config-patterns.md +333 -0
- package/skills/sharp-edges/skills/sharp-edges/references/crypto-apis.md +190 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-c.md +205 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-csharp.md +285 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-go.md +270 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-java.md +263 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-javascript.md +269 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-kotlin.md +265 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-php.md +245 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-python.md +274 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-ruby.md +273 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-rust.md +272 -0
- package/skills/sharp-edges/skills/sharp-edges/references/lang-swift.md +287 -0
- package/skills/sharp-edges/skills/sharp-edges/references/language-specific.md +588 -0
- package/skills/sherpa-onnx-tts/SKILL.md +103 -0
- package/skills/sherpa-onnx-tts/bin/sherpa-onnx-tts +178 -0
- package/skills/skill-creator/SKILL.md +370 -0
- package/skills/skill-creator/license.txt +202 -0
- package/skills/skill-creator/scripts/init_skill.py +378 -0
- package/skills/skill-creator/scripts/package_skill.py +111 -0
- package/skills/skill-creator/scripts/quick_validate.py +101 -0
- package/skills/slack/SKILL.md +144 -0
- package/skills/songsee/SKILL.md +49 -0
- package/skills/sonoscli/SKILL.md +46 -0
- package/skills/spec-to-code-compliance/.claude-plugin/plugin.json +10 -0
- package/skills/spec-to-code-compliance/README.md +67 -0
- package/skills/spec-to-code-compliance/commands/spec-compliance.md +22 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/SKILL.md +349 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/COMPLETENESS_CHECKLIST.md +69 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/IR_EXAMPLES.md +417 -0
- package/skills/spec-to-code-compliance/skills/spec-to-code-compliance/resources/OUTPUT_REQUIREMENTS.md +105 -0
- package/skills/spotify-player/SKILL.md +64 -0
- package/skills/static-analysis/.claude-plugin/plugin.json +8 -0
- package/skills/static-analysis/README.md +59 -0
- package/skills/static-analysis/skills/codeql/SKILL.md +315 -0
- package/skills/static-analysis/skills/sarif-parsing/SKILL.md +479 -0
- package/skills/static-analysis/skills/sarif-parsing/resources/jq-queries.md +162 -0
- package/skills/static-analysis/skills/sarif-parsing/resources/sarif_helpers.py +331 -0
- package/skills/static-analysis/skills/semgrep/SKILL.md +337 -0
- package/skills/summarize/SKILL.md +87 -0
- package/skills/testing-handbook-skills/.claude-plugin/plugin.json +8 -0
- package/skills/testing-handbook-skills/README.md +241 -0
- package/skills/testing-handbook-skills/scripts/pyproject.toml +8 -0
- package/skills/testing-handbook-skills/scripts/validate-skills.py +657 -0
- package/skills/testing-handbook-skills/skills/address-sanitizer/SKILL.md +341 -0
- package/skills/testing-handbook-skills/skills/aflpp/SKILL.md +640 -0
- package/skills/testing-handbook-skills/skills/atheris/SKILL.md +515 -0
- package/skills/testing-handbook-skills/skills/cargo-fuzz/SKILL.md +454 -0
- package/skills/testing-handbook-skills/skills/codeql/SKILL.md +549 -0
- package/skills/testing-handbook-skills/skills/constant-time-testing/SKILL.md +507 -0
- package/skills/testing-handbook-skills/skills/coverage-analysis/SKILL.md +607 -0
- package/skills/testing-handbook-skills/skills/fuzzing-dictionary/SKILL.md +297 -0
- package/skills/testing-handbook-skills/skills/fuzzing-obstacles/SKILL.md +426 -0
- package/skills/testing-handbook-skills/skills/harness-writing/SKILL.md +614 -0
- package/skills/testing-handbook-skills/skills/libafl/SKILL.md +625 -0
- package/skills/testing-handbook-skills/skills/libfuzzer/SKILL.md +795 -0
- package/skills/testing-handbook-skills/skills/ossfuzz/SKILL.md +426 -0
- package/skills/testing-handbook-skills/skills/ruzzy/SKILL.md +443 -0
- package/skills/testing-handbook-skills/skills/semgrep/SKILL.md +601 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/SKILL.md +372 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/agent-prompt.md +280 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/discovery.md +452 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/domain-skill.md +504 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/fuzzer-skill.md +454 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/technique-skill.md +527 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/templates/tool-skill.md +366 -0
- package/skills/testing-handbook-skills/skills/testing-handbook-generator/testing.md +482 -0
- package/skills/testing-handbook-skills/skills/wycheproof/SKILL.md +533 -0
- package/skills/things-mac/SKILL.md +86 -0
- package/skills/tmux/SKILL.md +135 -0
- package/skills/tmux/scripts/find-sessions.sh +112 -0
- package/skills/tmux/scripts/wait-for-text.sh +83 -0
- package/skills/trello/SKILL.md +95 -0
- package/skills/variant-analysis/.claude-plugin/plugin.json +8 -0
- package/skills/variant-analysis/README.md +41 -0
- package/skills/variant-analysis/commands/variants.md +23 -0
- package/skills/variant-analysis/skills/variant-analysis/METHODOLOGY.md +327 -0
- package/skills/variant-analysis/skills/variant-analysis/SKILL.md +142 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/cpp.ql +119 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/go.ql +69 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/java.ql +71 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/javascript.ql +63 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/codeql/python.ql +80 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/cpp.yaml +98 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/go.yaml +63 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/java.yaml +61 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/javascript.yaml +60 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/semgrep/python.yaml +72 -0
- package/skills/variant-analysis/skills/variant-analysis/resources/variant-report-template.md +75 -0
- package/skills/video-frames/SKILL.md +46 -0
- package/skills/video-frames/scripts/frame.sh +81 -0
- package/skills/voice-call/SKILL.md +45 -0
- package/skills/wacli/SKILL.md +72 -0
- package/skills/weather/SKILL.md +54 -0
- package/skills/yara-authoring/.claude-plugin/plugin.json +9 -0
- package/skills/yara-authoring/README.md +131 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/SKILL.md +645 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_Mac_ProtonRAT_Jan25.yar +99 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_NPM_SupplyChain_Jan25.yar +170 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/MAL_Win_Remcos_Jan25.yar +103 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/SUSP_CRX_SuspiciousPermissions.yar +134 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/examples/SUSP_JS_Obfuscation_Jan25.yar +185 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/crx-module.md +214 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/dex-module.md +383 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/performance.md +333 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/strings.md +433 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/style-guide.md +257 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/references/testing.md +399 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/atom_analyzer.py +526 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/pyproject.toml +25 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/scripts/yara_lint.py +631 -0
- package/skills/yara-authoring/skills/yara-rule-authoring/workflows/rule-development.md +493 -0
|
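--- a/package/skills/yara-authoring/skills/yara-rule-authoring/scripts/atom_analyzer.py
+++ b/package/skills/yara-authoring/skills/yara-rule-authoring/scripts/atom_analyzer.py
@@ -0,0 +1,526 @@
+# /// script
+# requires-python = ">=3.11"
+# dependencies = ["yara-x>=0.10.0"]
+# ///
+"""YARA-X string atom quality analyzer.
+
+Analyzes strings for efficient atom extraction, identifying patterns that
+will cause poor scanning performance. Uses yara-x for rule validation.
+
+Usage:
+uv run atom_analyzer.py rule.yar
+uv run atom_analyzer.py --verbose rule.yar
+"""
+
+from __future__ import annotations
+
+import argparse
+import re
+import sys
+from dataclasses import dataclass
+from pathlib import Path
+from typing import TYPE_CHECKING
+
+import yara_x
+
+if TYPE_CHECKING:
+from collections.abc import Iterator
+
+
+@dataclass
+class AtomIssue:
+"""An issue with atom quality."""
+
+string_id: str
+severity: str # error, warning, info
+message: str
+suggestion: str | None = None
+
+
+@dataclass
+class StringAnalysis:
+"""Analysis of a single string's atom quality."""
+
+string_id: str
+string_type: str
+raw_value: str
+byte_count: int
+issues: list[AtomIssue]
+best_atom: str | None = None
+
+
+# Repeated byte patterns that generate poor atoms
+REPEATED_PATTERNS = [
+(rb"\x00\x00\x00\x00", "null bytes (0x00000000)"),
+(rb"\x90\x90\x90\x90", "NOP sled (0x90909090)"),
+(rb"\xCC\xCC\xCC\xCC", "INT3 padding (0xCCCCCCCC)"),
+(rb"\xFF\xFF\xFF\xFF", "all 0xFF bytes"),
+(rb"\x20\x20\x20\x20", "spaces (0x20202020)"),
+]
+
+# Common 4-byte sequences that appear in many files
+COMMON_SEQUENCES = [
+b"This", # "This program..."
+b"prog",
+b"MODE",
+b"rich", # Rich header
+b".tex", # Section names
+b".dat",
+b".rsr",
+b"MZ\x90\x00", # Standard MZ header
+b"http",
+b"HTTP",
+]
+
+
+def hex_string_to_bytes(hex_str: str) -> tuple[bytes, list[int]]:
+"""Convert YARA hex string to bytes and wildcard positions.
+
+Returns:
+Tuple of (bytes with wildcards as 0x00, list of wildcard positions)
+"""
+# Remove braces and normalize
+hex_str = hex_str.strip().strip("{}").strip()
+
+# Parse hex bytes
+result = bytearray()
+wildcard_positions = []
+
+tokens = hex_str.split()
+pos = 0
+
+for token in tokens:
+if token == "??":
+result.append(0x00)
+wildcard_positions.append(pos)
+pos += 1
+elif re.match(r"^[0-9A-Fa-f]{2}$", token):
+result.append(int(token, 16))
+pos += 1
+elif re.match(r"^[0-9A-Fa-f?]{2}$", token):
+# Nibble wildcard like "5?" or "?A"
+result.append(0x00)
+wildcard_positions.append(pos)
+pos += 1
+# Skip jumps and alternatives for simplicity
+
+return bytes(result), wildcard_positions
+
+
+def find_best_atom(data: bytes, wildcard_positions: list[int]) -> tuple[str | None, int]:
+"""Find the best 4-byte atom in a byte sequence.
+
+Returns:
+Tuple of (atom as hex string, score 0-100)
+"""
+if len(data) < 4:
+return None, 0
+
+best_atom = None
+best_score = 0
+
+for i in range(len(data) - 3):
+# Skip if any byte in this window is a wildcard
+if any(p in range(i, i + 4) for p in wildcard_positions):
+continue
+
+atom = data[i : i + 4]
+score = score_atom(atom)
+
+if score > best_score:
+best_score = score
+best_atom = atom.hex().upper()
+
+return best_atom, best_score
+
+
+def score_atom(atom: bytes) -> int:
+"""Score a 4-byte atom for quality (0-100)."""
+if len(atom) != 4:
+return 0
+
+score = 100
+
+# Penalize repeated bytes
+if len(set(atom)) == 1:
+score -= 80 # All same byte
+elif len(set(atom)) == 2:
+score -= 40 # Only 2 unique bytes
+
+# Penalize null bytes
+null_count = atom.count(0x00)
+score -= null_count * 15
+
+# Penalize known common patterns
+for pattern, _ in REPEATED_PATTERNS:
+if pattern in atom:
+score -= 60
+break
+
+# Penalize common sequences
+for seq in COMMON_SEQUENCES:
+if seq in atom:
+score -= 30
+break
+
+# Penalize printable ASCII-only (less unique)
+if all(0x20 <= b <= 0x7E for b in atom):
+score -= 10
+
+return max(0, score)
+
+
+def analyze_text_string(string_id: str, value: str, modifiers: list[str]) -> StringAnalysis:
+"""Analyze a text string for atom quality."""
+issues = []
+
+byte_count = len(value)
+
+# Check minimum length
+if byte_count < 4:
+issues.append(
+AtomIssue(
+string_id=string_id,
+severity="error",
+message=f"String is only {byte_count} bytes; no valid 4-byte atom possible",
+suggestion="Use a longer string (4+ bytes minimum)",
+)
+)
+return StringAnalysis(
+string_id=string_id,
+string_type="text",
+raw_value=value,
+byte_count=byte_count,
+issues=issues,
+)
+
+# YARA-X specific: base64 modifier requires 3+ chars
+if "base64" in modifiers and byte_count < 3:
+issues.append(
+AtomIssue(
+string_id=string_id,
+severity="error",
+message=f"String uses 'base64' but is only {byte_count} chars; "
+"YARA-X requires 3+ characters for base64 modifier",
+suggestion="Use a string of 3+ characters with base64 modifier",
+)
+)
+
+# Convert to bytes for analysis
+try:
+data = value.encode("utf-8")
+except UnicodeEncodeError:
+data = value.encode("latin-1")
+
+best_atom, score = find_best_atom(data, [])
+
+# Check score
+if score < 30:
+issues.append(
+AtomIssue(
+string_id=string_id,
+severity="error",
+message=f"Best atom score is {score}/100; string will cause slow scanning",
+suggestion="Choose a more unique string or add distinguishing bytes",
+)
+)
+elif score < 60:
+issues.append(
+AtomIssue(
+string_id=string_id,
+severity="warning",
+message=f"Best atom score is {score}/100; may cause performance issues",
+)
+)
+
+# Check modifiers
+if "nocase" in modifiers and byte_count > 15:
+issues.append(
+AtomIssue(
+string_id=string_id,
+severity="info",
+message="'nocase' on long string doubles atom generation",
+suggestion="Consider if case-insensitivity is truly needed",
+)
+)
+
+if "wide" in modifiers and "ascii" in modifiers:
+issues.append(
+AtomIssue(
+string_id=string_id,
+severity="info",
+message="'wide ascii' doubles matching; ensure both encodings are needed",
+)
+)
+
+return StringAnalysis(
+string_id=string_id,
+string_type="text",
+raw_value=value,
+byte_count=byte_count,
+issues=issues,
+best_atom=best_atom,
+)
+
+
+def analyze_hex_string(string_id: str, value: str) -> StringAnalysis:
+"""Analyze a hex string for atom quality."""
+issues = []
+
+data, wildcard_positions = hex_string_to_bytes(value)
+byte_count = len(data)
+
+# Check minimum length
+if byte_count < 4:
+issues.append(
+AtomIssue(
+string_id=string_id,
+severity="error",
+message=f"Hex string is only {byte_count} bytes; no valid 4-byte atom possible",
+suggestion="Use a longer hex pattern (4+ bytes minimum)",
+)
+)
+return StringAnalysis(
+string_id=string_id,
+string_type="byte",
+raw_value=value,
+byte_count=byte_count,
+issues=issues,
+)
+
+# Check for leading wildcards
+if 0 in wildcard_positions and 1 in wildcard_positions:
+issues.append(
+AtomIssue(
+string_id=string_id,
+severity="warning",
+message="Hex string starts with wildcards; atoms will be extracted from middle/end",
+suggestion="Move fixed bytes to the beginning if possible",
+)
+)
+
+# Check wildcard density
+if wildcard_positions:
+wildcard_ratio = len(wildcard_positions) / byte_count
+if wildcard_ratio > 0.5:
+issues.append(
+AtomIssue(
+string_id=string_id,
+severity="warning",
+message=f"High wildcard density ({wildcard_ratio:.0%}); may limit atom options",
+)
+)
+
+best_atom, score = find_best_atom(data, wildcard_positions)
+
+if best_atom is None:
+issues.append(
+AtomIssue(
+string_id=string_id,
+severity="error",
+message="No valid 4-byte atom found (too many wildcards)",
+suggestion="Reduce wildcards or add fixed byte sequences",
+)
+)
+elif score < 30:
+issues.append(
+AtomIssue(
+string_id=string_id,
+severity="error",
+message=f"Best atom score is {score}/100; string will cause slow scanning",
+)
+)
+elif score < 60:
+issues.append(
+AtomIssue(
+string_id=string_id,
+severity="warning",
+message=f"Best atom score is {score}/100; may cause performance issues",
+)
+)
+
+return StringAnalysis(
+string_id=string_id,
+string_type="byte",
+raw_value=value,
+byte_count=byte_count,
+issues=issues,
+best_atom=best_atom,
+)
+
+
+def extract_strings(content: str, rule_name: str) -> list[dict]:
+"""Extract strings from a rule using regex."""
+strings = []
+
+# Find the rule block
+rule_pattern = rf"rule\s+{re.escape(rule_name)}\s*\{{"
+rule_match = re.search(rule_pattern, content)
+if not rule_match:
+return strings
+
+# Find strings section
+start = rule_match.end()
+brace_count = 1
+pos = start
+while pos < len(content) and brace_count > 0:
+if content[pos] == "{":
+brace_count += 1
+elif content[pos] == "}":
+brace_count -= 1
+pos += 1
+
+rule_content = content[start : pos - 1]
+
+strings_match = re.search(r"strings\s*:\s*(.*?)(?=condition\s*:|$)", rule_content, re.DOTALL)
+if not strings_match:
+return strings
+
+strings_section = strings_match.group(1)
+
+# Parse text strings: $name = "value" modifiers
+for match in re.finditer(r'(\$\w+)\s*=\s*"([^"]*)"([^\n]*)', strings_section):
+modifiers = match.group(3).strip().split()
+strings.append(
+{
+"name": match.group(1),
+"value": match.group(2),
+"type": "text",
+"modifiers": modifiers,
+}
+)
+
+# Parse hex strings: $name = { hex }
+for match in re.finditer(r"(\$\w+)\s*=\s*\{([^}]*)\}", strings_section):
+strings.append(
+{
+"name": match.group(1),
+"value": match.group(2).strip(),
+"type": "byte",
+"modifiers": [],
+}
+)
+
+# Parse regex strings: $name = /pattern/ modifiers
+for match in re.finditer(r"(\$\w+)\s*=\s*/([^/]*)/([^\n]*)", strings_section):
+modifiers = match.group(3).strip().split()
+strings.append(
+{
+"name": match.group(1),
+"value": match.group(2),
+"type": "regex",
+"modifiers": modifiers,
+}
+)
+
+return strings
+
+
+def extract_rule_names(content: str) -> list[str]:
+"""Extract rule names from YARA source."""
+return re.findall(r"(?:private\s+)?rule\s+(\w+)\s*[:{]", content)
+
+
+def analyze_rule(rule_name: str, content: str) -> Iterator[StringAnalysis]:
+"""Analyze all strings in a rule."""
+strings = extract_strings(content, rule_name)
+
+for string in strings:
+string_id = string.get("name", "$unknown")
+string_value = string.get("value", "")
+string_type = string.get("type", "text")
+modifiers = string.get("modifiers", [])
+
+if string_type == "text":
+yield analyze_text_string(string_id, string_value, modifiers)
+elif string_type == "byte":
+yield analyze_hex_string(string_id, string_value)
+# Regex strings are harder to analyze for atoms; skip for now
+
+
+def analyze_file(file_path: Path, *, verbose: bool = False) -> int:
+"""Analyze a YARA file and print results."""
+try:
+content = file_path.read_text()
+except OSError as e:
+print(f"Error reading {file_path}: {e}", file=sys.stderr)
+return 1
+
+# Validate with yara-x first
+try:
+compiler = yara_x.Compiler()
+compiler.add_source(content)
+compiler.build()
+except yara_x.CompileError as e:
+print(f"\033[91mYARA-X compilation error in {file_path}:\033[0m {e}", file=sys.stderr)
+# Continue with analysis anyway for educational purposes
+
+rule_names = extract_rule_names(content)
+has_issues = False
+
+for rule_name in rule_names:
+analyses = list(analyze_rule(rule_name, content))
+
+rule_has_issues = any(a.issues for a in analyses)
+if rule_has_issues or verbose:
+print(f"\n\033[1m{rule_name}\033[0m")
+
+for analysis in analyses:
+if not analysis.issues and not verbose:
+continue
+
+has_issues = has_issues or bool(analysis.issues)
+
+if verbose:
+atom_info = f" [atom: {analysis.best_atom}]" if analysis.best_atom else ""
+print(f" {analysis.string_id}: {analysis.byte_count} bytes{atom_info}")
+
+for issue in analysis.issues:
+if issue.severity == "error":
+color = "\033[91m"
+elif issue.severity == "warning":
+color = "\033[93m"
+else:
+color = "\033[94m"
+
+print(f" {color}{issue.severity.upper()}\033[0m: {issue.message}")
+if issue.suggestion:
+print(f" Suggestion: {issue.suggestion}")
+
+if not has_issues:
+print(f"\n✓ All strings in {file_path} have good atom quality")
+return 0
+
+return 1
+
+
+def main() -> int:
+parser = argparse.ArgumentParser(description="YARA-X string atom quality analyzer")
+parser.add_argument("path", type=Path, help="YARA file to analyze")
+parser.add_argument(
+"--verbose", "-v", action="store_true", help="Show all strings, not just issues"
+)
+args = parser.parse_args()
+
+if not args.path.exists():
+print(f"Error: {args.path} does not exist", file=sys.stderr)
+return 1
+
+if args.path.is_file():
+return analyze_file(args.path, verbose=args.verbose)
+elif args.path.is_dir():
+exit_code = 0
+for yar_file in args.path.rglob("*.yar"):
+if analyze_file(yar_file, verbose=args.verbose) != 0:
+exit_code = 1
+for yar_file in args.path.rglob("*.yara"):
+if analyze_file(yar_file, verbose=args.verbose) != 0:
+exit_code = 1
+return exit_code
+else:
+print(f"Error: {args.path} is not a file or directory", file=sys.stderr)
+return 1
+
+
+if __name__ == "__main__":
+sys.exit(main())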
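Review bot: Rules declared with tags are reported clean without being analysed: `extract_rule_names` accepts `rule X : tag {` through its `[:{]` class, but `rule_pattern` in `extract_strings` requires `{` directly after the name, so it returns an empty list and `analyze_file` prints the all-good line and returns 0. Letting the pattern skip the tag list closes that gap: `rule_pattern = rf"rule\s+{re.escape(rule_name)}\b[^{{]*\{{"`. The same false-clean result can follow a `yara_x.CompileError`, which is printed but never reflected in the exit status; setting `compile_failed = True` in the handler and returning 1 when either `has_issues` or `compile_failed` is set keeps a CI gate from passing a rule file that does not compile. Separately, the `rb"\x00\x00\x00\x00"`-style literals in `REPEATED_PATTERNS` are raw bytes, i.e. 16-byte backslash sequences that can never occur inside a 4-byte atom, so the `score -= 60` branch in `score_atom` never fires; dropping the `r` prefix (`b"\x00\x00\x00\x00"`) restores it.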
|
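--- a/package/skills/yara-authoring/skills/yara-rule-authoring/scripts/pyproject.toml
+++ b/package/skills/yara-authoring/skills/yara-rule-authoring/scripts/pyproject.toml
@@ -0,0 +1,25 @@
+[project]
+name = "yara-x-authoring-scripts"
+version = "2.0.0"
+description = "YARA-X rule authoring utilities"
+requires-python = ">=3.11"
+dependencies = ["yara-x>=0.10.0"]
+
+[tool.ruff]
+target-version = "py311"
+line-length = 100
+
+[tool.ruff.lint]
+select = [
+"E", # pycodestyle errors
+"W", # pycodestyle warnings
+"F", # Pyflakes
+"I", # isort
+"B", # flake8-bugbear
+"C4", # flake8-comprehensions
+"UP", # pyupgrade
+"SIM", # flake8-simplify
+]
+
+[tool.ruff.lint.isort]
+force-single-line = true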
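Review bot: `dependencies = ["yara-x>=0.10.0"]` sets only a lower bound, and the inline script metadata at the top of atom_analyzer.py repeats the same open range, so each `uv run` resolves whichever yara-x release is newest at that moment. For tooling that is meant to be executed unattended, a bounded range or a committed lock file would make the resolved package reproducible and reviewable. No lock file for this scripts directory appears in the visible part of the file list, though one may exist elsewhere in the package.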