skills/mukul975/anthropic-cybersecurity-skills/analyzing-dns-logs-for-exfiltration/Gen Agent Trust Hub
analyzing-dns-logs-for-exfiltration
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [SAFE]: All components of the skill are focused on defensive security monitoring and threat hunting, providing legitimate logic for identifying DNS abuse.
- [SAFE]: The Python script scripts/agent.py uses only standard libraries for data processing and does not contain any suspicious system-level operations or network activity.
- [EXTERNAL_DOWNLOADS]: Documentation includes examples for accessing reputable security platforms (e.g., VirusTotal, Cisco Umbrella) using official APIs. These references are clearly marked as examples and use placeholder variables for credentials.
- [COMMAND_EXECUTION]: The skill provides benign, industry-standard Splunk queries and Linux CLI commands for processing DNS logs.
Audit Metadata