detecting-rootkit-activity
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The script scripts/agent.py invokes external security binaries including Volatility 3, rkhunter, and chkrootkit using the subprocess.run method. These executions are performed using argument arrays rather than shell strings, which effectively mitigates the risk of command injection from user-supplied file paths or arguments.
- [SAFE]: The skill performs diagnostic file system operations, such as scanning /tmp and /dev/shm for hidden files using os.listdir. These actions are read-only, limited to metadata inspection, and directly support the skill's stated purpose of malware and rootkit detection.
- [SAFE]: The workflow instructions in SKILL.md provide legitimate cybersecurity procedures for cross-view process analysis and kernel structure verification. All embedded code snippets follow standard forensic best practices and do not contain obfuscated commands or unauthorized network operations.
Audit Metadata