hunting-for-startup-folder-persistence

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/agent.py utilizes subprocess.run to execute the Windows reg query command. This is used to audit autostart entries within a predefined, static list of registry keys. The command is invoked using a structured list of arguments without a shell, which follows security best practices for external process invocation.
  • [SAFE]: The skill performs legitimate security analysis tasks including file metadata extraction, SHA-256 hashing, and local directory monitoring. All operations are confined to the local system with no identified network communication or credential harvesting patterns.
  • [SAFE]: The dependencies mentioned in the prerequisites (watchdog, pefile) are well-known, industry-standard libraries for filesystem monitoring and Portable Executable (PE) analysis.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 12:40 PM