Detection Engineering Skills Hub

AI-POWERED DETECTION WORKFLOWS

A collection of LLM agent skills for malware detection, YARA rule generation, and threat intelligence

DETECTION PIPELINE
VirusTotal > Download > yarGen > YARA Expert > Rule

Combine multiple skills into seamless detection engineering workflows. Hash → Sample → YARA Rule, all in one command.

AVAILABLE SKILLS

Detection Engineering

Meta-skill that orchestrates VirusTotal, yarGen, and YARA rule expertise into a unified pipeline. Go from hash to production-ready YARA rule in one command.

VirusTotal API

Query VirusTotal for threat intelligence on files, URLs, IPs, and domains. Supports lookups, scans, Intelligence searches, Livehunt, Retrohunt, and relationship exploration.

yarGen

Generate YARA rules from malware samples while filtering goodware strings. Includes database management, web API integration, and the submit command for one-shot rule generation.

YARA Rule Expert

Expert YARA rule authoring, review, and optimization. Embeds 60+ quality checks from yaraQA, performance guidelines, and style standards into your AI assistant.
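To make the idea of automated YARA quality checks concrete, here is a small rule linter in the spirit of the checks described above. It is an added example written for this page, not yaraQA's code and not part of the YARA Rule Expert skill; the two sample rules, the length thresholds and the generic-string denylist are all constructed assumptions, and the parser only handles the simple rule layout shown (closing brace alone on its line, section keywords on their own lines).

```python
import re
from dataclasses import dataclass

# Constructed sample rules for this example; neither rule is from the page or any real ruleset.
SAMPLE_RULES = r'''
rule weak_example {
    meta:
        description = "Constructed rule that trips several quality checks"
    strings:
        $a = "cmd"
        $b = "Mozilla/5.0"
        $c = { 4D 5A }
    condition:
        any of them
}

rule good_example {
    meta:
        description = "Constructed rule that passes the checks"
        author = "example author"
    strings:
        $s1 = "Constructed_Unusual_Marker_String_v1" ascii wide
        $s2 = { 6A 00 68 DE AD BE EF E8 }
    condition:
        uint16(0) == 0x5a4d and filesize < 2MB and all of them
}
'''

# Thresholds and the generic-string list are assumptions chosen for this example,
# not yaraQA's actual values.
MIN_TEXT_LEN = 6      # very short text strings make poor atoms and match everywhere
MIN_HEX_BYTES = 4     # hex patterns with fewer concrete bytes are equally unselective
GENERIC_STRINGS = {"cmd", "mozilla/5.0", "kernel32.dll", "microsoft", "http://"}

# Parsing assumes the rule's closing brace sits alone on its line and that
# section keywords (meta:/strings:/condition:) start their own lines.
RULE_RE = re.compile(r'\brule\s+(\w+)[^{]*\{(.*?)\n\s*\}', re.DOTALL)
TEXT_STR_RE = re.compile(r'(\$\w*)\s*=\s*"((?:[^"\\]|\\.)*)"')
HEX_STR_RE = re.compile(r'(\$\w*)\s*=\s*\{([^}]*)\}')


@dataclass
class Finding:
    rule: str
    check: str
    detail: str


def section(body: str, name: str) -> str:
    """Return the text of one rule section (meta, strings or condition)."""
    m = re.search(rf'\b{name}:\s*(.*?)(?=\n\s*(?:meta|strings|condition):|\Z)',
                  body, re.DOTALL)
    return m.group(1) if m else ''


def check_rule(name: str, body: str) -> list:
    findings = []
    meta = section(body, 'meta')
    strings = section(body, 'strings')
    cond = section(body, 'condition')

    # Metadata: reviewers and downstream tooling need at least these two fields.
    for key in ('description', 'author'):
        if not re.search(rf'\b{key}\s*=', meta):
            findings.append(Finding(name, 'missing_meta', f'no {key} field'))

    # Text strings: too short or too common to separate malware from goodware.
    for ident, value in TEXT_STR_RE.findall(strings):
        if len(value) < MIN_TEXT_LEN:
            findings.append(Finding(name, 'short_string', f'{ident} is {len(value)} chars'))
        if value.lower() in GENERIC_STRINGS:
            findings.append(Finding(name, 'generic_string', f'{ident} = "{value}" is common goodware content'))

    # Hex strings: count only concrete bytes, not wildcards or jumps.
    for ident, hex_body in HEX_STR_RE.findall(strings):
        concrete = [t for t in hex_body.split() if re.fullmatch(r'[0-9A-Fa-f]{2}', t)]
        if len(concrete) < MIN_HEX_BYTES:
            findings.append(Finding(name, 'short_hex', f'{ident} has only {len(concrete)} concrete bytes'))

    # Condition: "any of them" with no size or magic constraint scans every byte
    # of every file and fires on a single weak string.
    if re.search(r'\bany of them\b', cond) and \
            not re.search(r'\bfilesize\b|\buint(?:16|32)\(0\)', cond):
        findings.append(Finding(name, 'loose_condition', '"any of them" without filesize or file-magic check'))
    return findings


def lint(text: str) -> list:
    """Run every check over every rule in a YARA source text."""
    findings = []
    for m in RULE_RE.finditer(text):
        findings.extend(check_rule(m.group(1), m.group(2)))
    return findings


if __name__ == '__main__':
    for f in lint(SAMPLE_RULES):
        print(f'{f.rule}: [{f.check}] {f.detail}')
```

Run as a script it reports six findings for `weak_example` (missing author, a 3-character string, two generic strings, a 2-byte hex pattern and an unconstrained `any of them`) and none for `good_example`. A real checker such as yaraQA parses rules properly and applies many more rules than these five; the point here is the shape of a check: each one names a rule, a category and the offending string or condition so the rule author can act on it.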

KEY FEATURES
* Seamless Integration: Skills work together as a unified detection platform

* AI-Assisted: Natural language workflows powered by LLMs

* One-Command: Hash to YARA rule in a single operation

* Quality Assured: Built-in validation and optimization

INSTALLATION

Add these skills to your LLM agent's context:

Option 1: Clone and Copy (Recommended)

# Detection Engineering (meta-skill)
git clone https://github.com/YARAHQ/detection-engineering-skill.git
cp -r detection-engineering-skill ~/.openclaw/skills/

# VirusTotal API
git clone https://github.com/YARAHQ/virustotal-api-skill.git
cp -r virustotal-api-skill ~/.openclaw/skills/

# yarGen
git clone https://github.com/YARAHQ/yargen-go-skill.git
cp -r yargen-go-skill ~/.openclaw/skills/yargen

# YARA Rule Expert
git clone https://github.com/YARAHQ/yara-rule-skill.git
cp -r yara-rule-skill ~/.openclaw/skills/

Option 2: Package as .skill File

# Clone the meta skill
git clone https://github.com/YARAHQ/detection-engineering-skill.git
cd detection-engineering-skill

# Package the skill
python3 scripts/package_skill.py .

# Install the packaged skill
cp detection-engineering.skill ~/.openclaw/skills/

Supported Platforms: OpenClaw, Claude Desktop, and other MCP-based agents