analyzing-linux-kernel-rootkits
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The script `agent.py` executes system utilities including `vol` (Volatility3) and `rkhunter` via `subprocess.run` to perform forensic analysis. It also reads system-level files such as `/proc/modules` and `/sys/module` to perform cross-view analysis for detecting hidden kernel modules.
- [EXTERNAL_DOWNLOADS]: The skill documentation references the installation of the `volatility3` Python package and directs users to the Volatility Foundation's official GitHub repository for downloading symbol tables. These sources are well-known and trusted within the cybersecurity community for forensic purposes.
Audit Metadata