analyzing-memory-forensics-with-lime-and-volatility

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/agent.py script uses the subprocess module to execute system commands including uname, insmod (for kernel module loading), and the vol3 Volatility 3 CLI tool.
  • [COMMAND_EXECUTION]: The skill requires high-privilege operations, specifically inserting a kernel module (insmod) to acquire physical memory; module loading needs CAP_SYS_MODULE, which in practice means running as root or via sudo on the target system.
  • [DATA_EXFILTRATION]: The skill allows for the extraction of sensitive system data from memory images, including process lists, network connections (linux.sockstat), and user command history (linux.bash). This behavior is consistent with the skill's stated purpose for forensic analysis.
  • [EXTERNAL_DOWNLOADS]: The documentation references established forensic tools from reputable sources, such as the LiME project (github.com/504ensicsLabs/LiME) and the Volatility 3 framework (github.com/volatilityfoundation/volatility3).
  • [DATA_EXFILTRATION]: The references/api-reference.md file documents a feature of LiME that streams the acquired memory over TCP (e.g., path=tcp:4444): the module listens on that port and the analyst connects from the collection host to receive the image. This is a standard method for network-based memory acquisition; the stream itself is unencrypted, so it should only be used over a trusted network or an existing secure tunnel.
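The findings above describe the workflow the skill automates: load LiME (to a file or a TCP listener), pull the image, hash it, then run a small set of Volatility 3 Linux plugins. The following is an added example written for this page, not the skill's own scripts/agent.py: it builds the insmod and vol3 argument lists without a shell, refuses plugins outside the three the audit names, and hashes the image as it is written. The module path, symbol directory, image paths and host in it are placeholders (assumptions, not values from the page); port 4444 is the one the page cites.

```python
"""Illustrative LiME + Volatility 3 driver (example code, not the skill's agent.py).

Assumptions (placeholders, not from the page): a compiled LiME module at a
path you supply, Volatility 3 installed as the `vol3` CLI, and a Linux ISF
symbol directory for the target kernel.
"""
import hashlib
import json
import os
import socket
import subprocess
from typing import Callable, Iterable, Optional

LIME_FORMATS = frozenset({"raw", "padded", "lime"})
# Only the plugins the audit lists; anything else is refused so an agent
# cannot be steered into running arbitrary vol3 plugins.
ALLOWED_PLUGINS = frozenset({"linux.pslist", "linux.sockstat", "linux.bash"})


def lime_insmod_argv(module: str, path: str, fmt: str = "lime") -> list:
    """argv for loading LiME; `path` is an absolute output file or tcp:<port>."""
    if fmt not in LIME_FORMATS:
        raise ValueError(f"unknown LiME format {fmt!r}")
    if path.startswith("tcp:"):
        port = int(path[4:])
        if not 1 <= port <= 65535:
            raise ValueError(f"bad TCP port in {path!r}")
    elif not path.startswith("/"):
        raise ValueError("output path must be absolute")
    # LiME's README passes the module parameters as one quoted string.
    return ["insmod", module, f"path={path} format={fmt}"]


def vol3_argv(image: str, plugin: str, symbol_dir: Optional[str] = None,
              renderer: str = "json") -> list:
    """argv for one Volatility 3 plugin run (-f image, -s symbols, -r renderer)."""
    if plugin not in ALLOWED_PLUGINS:
        raise ValueError(f"plugin {plugin!r} is not on the allow-list")
    argv = ["vol3", "-f", image]
    if symbol_dir:
        argv += ["-s", symbol_dir]
    argv += ["-r", renderer, plugin]
    return argv


def write_and_hash(chunks: Iterable[bytes],
                   write: Callable[[bytes], object]) -> tuple:
    """Pass each chunk to `write` while hashing it; returns (byte_count, sha256 hex)."""
    h = hashlib.sha256()
    n = 0
    for chunk in chunks:
        write(chunk)
        h.update(chunk)
        n += len(chunk)
    return n, h.hexdigest()


def require_root() -> None:
    if os.geteuid() != 0:  # insmod needs CAP_SYS_MODULE; in practice, root
        raise PermissionError("kernel module loading requires root")


def acquire_to_file(module: str, out: str) -> tuple:
    """Dump RAM to `out` with LiME, unload the module, return (size, sha256)."""
    require_root()
    subprocess.run(lime_insmod_argv(module, out), check=True)
    subprocess.run(["rmmod", "lime"], check=True)  # LiME registers as "lime"
    with open(out, "rb") as fh:
        return write_and_hash(iter(lambda: fh.read(1 << 20), b""), lambda _: None)


def pull_tcp_image(host: str, port: int, out: str) -> tuple:
    """Analyst side of path=tcp:<port>: LiME listens, this end connects and pulls."""
    def recv_chunks(sock):
        while True:
            data = sock.recv(1 << 20)
            if not data:
                return
            yield data
    with socket.create_connection((host, port), timeout=60) as sock, \
            open(out, "wb") as fh:
        return write_and_hash(recv_chunks(sock), fh.write)


def run_plugin(image: str, plugin: str, symbol_dir: str) -> list:
    """Run an allow-listed plugin with the JSON renderer and parse its output."""
    proc = subprocess.run(vol3_argv(image, plugin, symbol_dir), check=True,
                          capture_output=True, text=True)
    return json.loads(proc.stdout)


if __name__ == "__main__":
    # Placeholder paths/host; adjust for your environment.
    size, digest = pull_tcp_image("target.example", 4444, "/evidence/ram.lime")
    print(f"received {size} bytes, sha256={digest}")
    for name in sorted(ALLOWED_PLUGINS):
        rows = run_plugin("/evidence/ram.lime", name, "/opt/volatility3/symbols")
        print(name, len(rows), "rows")
```

Record the size and digest next to the image as soon as the pull finishes; a hash taken later cannot show the file was unchanged in between. On the target, the TCP listener should be started with LiME's parameters as documented in its README, and the argument builder above is the only place a plugin name enters the vol3 command line.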
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 07:44 AM