The Agent Skills Directory

[COMMAND_EXECUTION]: The script scripts/agent.py executes the osqueryi tool using subprocess.run to collect system information.
Evidence: The script collects system state (processes, listening ports, etc.) which is a functional requirement. It prevents command injection by whitelisting queries against a hardcoded dictionary and using restricted command-line arguments.
[EXTERNAL_DOWNLOADS]: The skill documents installation procedures involving remote repositories.
Evidence: The references to osquery.io, keyserver.ubuntu.com, and fleetdm.com are for official software distribution channels and are consistent with industry standards for this type of tool.
[DATA_EXFILTRATION]: The scripts/agent.py script communicates with a Fleet management server.
Evidence: This network activity is used to retrieve host status via a legitimate API and is restricted to the user-provided Fleet URL, rather than sending data to unauthorized external endpoints.

deploying-osquery-for-endpoint-monitoring