detecting-mobile-malware-behavior

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The scripts scripts/agent.py and scripts/process.py use the subprocess module to call the Android Asset Packaging Tool (aapt). This is used specifically to extract manifest information and permissions from APK files, which is a standard procedure in mobile malware analysis.
  • [EXTERNAL_DOWNLOADS]: The scripts/process.py script includes functionality to communicate with the VirusTotal API (virustotal.com) to check the reputation of analyzed files. This is a well-known service frequently used by security professionals for malware triage.
  • [CREDENTIALS_SAFE]: The documentation and scripts mention the use of a VirusTotal API key. The implementation correctly expects the key as a command-line argument (--vt-key) or through user-defined variables, rather than hardcoding sensitive credentials in the source code.
  • [DATA_EXPOSURE]: The skill accesses the local filesystem to read APK files and write analysis reports. This file access is limited to the scope of the malware analysis tasks requested by the user.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 01:06 PM