skills/mukul975/anthropic-cybersecurity-skills/configuring-host-based-intrusion-detection/Gen Agent Trust Hub
configuring-host-based-intrusion-detection
Fail
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [CREDENTIALS_UNSAFE]: The
WazuhClientclass inscripts/agent.pydisables SSL certificate verification (verify=False) for all API requests to the Wazuh manager. This practice bypasses transport layer security and makes communication vulnerable to interception, potentially exposing the authentication tokens used for management. - [DATA_EXFILTRATION]: The
check_file_integrityfunction inscripts/agent.pyaccesses and computes SHA256 hashes for highly sensitive system files, including/etc/shadow,/etc/passwd, and/etc/sudoers. While this is a standard activity for host-based intrusion detection, it represents an exposure of sensitive system configuration and credential metadata. - [COMMAND_EXECUTION]:
scripts/agent.pyuses thesubprocessmodule to executeosqueryifor system inspection. This allows the script to run arbitrary SQL queries against the host operating system to monitor processes and system state. - [EXTERNAL_DOWNLOADS]: The skill provides instructions in
SKILL.mdto download and install the Wazuh agent and its associated GPG repository keys directly frompackages.wazuh.com. These downloads are performed usingcurlandInvoke-WebRequestand are immediately used for system-level installation.
Recommendations
- HIGH: Downloads and executes remote code from: https://packages.wazuh.com/key/GPG-KEY-WAZUH - DO NOT USE without thorough review
Audit Metadata