detecting-t1548-abuse-elevation-control-mechanism

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py executes several local commands to gather security telemetry. On Windows, it uses reg query to check for User Account Control (UAC) bypass registry keys and powershell to inspect Sysmon events. On Linux, it uses sudo -l -n to list sudo privileges and find to identify binaries with SUID bits set. These commands are used for system discovery and are standard for threat hunting activities.
  • [DATA_EXPOSURE]: The skill accesses sensitive system information such as authentication logs (/var/log/auth.log, /var/log/secure) and registry settings. However, this data is processed locally to generate security reports and is not transmitted over the network.
  • [REMOTE_CODE_EXECUTION]: No patterns of remote script execution or external downloads were identified. The skill relies entirely on local system tools and standard Python libraries.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 20, 2026, 05:19 PM