implementing-network-traffic-analysis-with-arkime

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The script scripts/agent.py and its usage instructions in SKILL.md accept user credentials via command-line arguments (--user and --password). A password passed as an argument is visible to every local user through process listings (`ps`, /proc/<pid>/cmdline) and is usually recorded in shell history as well; it should be read from an environment variable, an interactive prompt, or a protected file instead.
  • [COMMAND_EXECUTION]: The skill requires the execution of a Python script that performs network operations and writes reports to disk. The script also includes a feature to disable TLS certificate verification via the SKIP_TLS_VERIFY environment variable. With verification off, the client accepts any certificate, so an on-path attacker can impersonate the Arkime server and capture both the credentials and the session data; a private CA should be handled by trusting its bundle, not by turning verification off.
  • [EXTERNAL_DOWNLOADS]: The utility makes network requests to a user-specified Arkime API endpoint to download session and connection metadata for analysis. Because the endpoint is taken from the user, the credentials are sent to whatever host is supplied, so the URL should be checked (at minimum, https only) before use.
  • [DATA_EXFILTRATION]: The script retrieves network session metadata from a remote Arkime instance and stores it in a local JSON file. This is the intended forensic function, but it moves sensitive network metadata from the Arkime deployment onto the local disk, where its protection depends only on the local file permissions.
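As an added illustration of how the three actionable findings above (credentials on the command line, a TLS-off switch, and the local report file) are avoided, the following small client is example code written for this page; it is not the audited skill's scripts/agent.py. The endpoint path /api/sessions and its query parameters (expression, date, length), the ARKIME_PASSWORD and ARKIME_CA_BUNDLE variables, and the --url/--user/--ca-bundle flags are this example's own assumptions. It uses only the standard library, so it runs offline; the request is only sent by main().

```python
"""Hardened credential, TLS and report handling for an Arkime session pull.

Added example (not the audited skill's code). Assumed: /api/sessions with
expression/date/length parameters, ARKIME_PASSWORD, ARKIME_CA_BUNDLE and the
--url/--user/--ca-bundle flags.
"""
import argparse
import getpass
import json
import os
import ssl
import sys
import urllib.parse
import urllib.request
from dataclasses import dataclass
from typing import Callable, Mapping, Optional, Sequence


@dataclass
class ClientConfig:
    base_url: str
    user: str
    password: str
    ca_bundle: Optional[str]  # None -> system trust store; there is no "skip"


def load_config(argv: Sequence[str], environ: Mapping[str, str],
                prompt: Callable[[str], str] = getpass.getpass) -> ClientConfig:
    """Finding 1: the password never comes from argv, where `ps` and
    /proc/<pid>/cmdline expose it to every local user."""
    if any(a == "--password" or a.startswith("--password=") for a in argv):
        raise ValueError("refusing --password on the command line; "
                         "set ARKIME_PASSWORD or enter it at the prompt")
    p = argparse.ArgumentParser(prog="arkime-sessions")
    p.add_argument("--url", required=True, help="https://arkime.example:8005")
    p.add_argument("--user", required=True)
    p.add_argument("--ca-bundle", default=environ.get("ARKIME_CA_BUNDLE"),
                   help="PEM bundle of a private CA (the only TLS knob)")
    args = p.parse_args(list(argv))
    # Finding 3: the endpoint is user supplied, so refuse to send credentials in clear.
    if not args.url.lower().startswith("https://"):
        raise ValueError("Arkime URL must be https://")
    password = environ.get("ARKIME_PASSWORD") or prompt("Arkime password: ")
    return ClientConfig(args.url.rstrip("/"), args.user, password, args.ca_bundle)


def make_ssl_context(ca_bundle: Optional[str],
                     environ: Mapping[str, str]) -> ssl.SSLContext:
    """Finding 2: verification cannot be disabled. A private CA is trusted via
    its bundle; a leftover SKIP_TLS_VERIFY fails loudly instead of silently
    downgrading to a connection any on-path attacker can impersonate."""
    if "SKIP_TLS_VERIFY" in environ:
        raise ValueError("SKIP_TLS_VERIFY is not honoured; use --ca-bundle "
                         "or ARKIME_CA_BUNDLE to trust a private CA")
    ctx = ssl.create_default_context(cafile=ca_bundle)
    if not (ctx.check_hostname and ctx.verify_mode == ssl.CERT_REQUIRED):
        raise RuntimeError("TLS context is not verifying; refusing to continue")
    return ctx


def sessions_url(cfg: ClientConfig, expression: str, hours: int = 1,
                 length: int = 100) -> str:
    """Query URL for session metadata (parameter names are assumptions)."""
    q = urllib.parse.urlencode({"expression": expression, "date": hours,
                                "length": length})
    return f"{cfg.base_url}/api/sessions?{q}"


def build_opener(cfg: ClientConfig,
                 ctx: ssl.SSLContext) -> urllib.request.OpenerDirector:
    """Digest auth (Arkime's default) over the verified TLS context only."""
    pw = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    pw.add_password(None, cfg.base_url, cfg.user, cfg.password)
    return urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=ctx),
        urllib.request.HTTPDigestAuthHandler(pw))


def write_report(path: str, sessions: object) -> int:
    """Finding 4: the pulled metadata lands on disk owner-only (0600) and never
    overwrites an existing file. Returns the permission bits actually set."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump(sessions, f, indent=2)
    return os.stat(path).st_mode & 0o777


def main(argv: Optional[Sequence[str]] = None) -> None:
    cfg = load_config(sys.argv[1:] if argv is None else argv, os.environ)
    ctx = make_ssl_context(cfg.ca_bundle, os.environ)
    opener = build_opener(cfg, ctx)
    with opener.open(sessions_url(cfg, "ip.dst == 10.0.0.5"), timeout=30) as resp:
        data = json.load(resp)
    print("report mode:", oct(write_report("sessions.json", data)))


if __name__ == "__main__":
    main()
```

Run it as `ARKIME_PASSWORD=... python client.py --url https://arkime.example:8005 --user analyst`; the password never appears in the process list, a deployment with a private CA passes `--ca-bundle ca.pem`, and a stray `SKIP_TLS_VERIFY` in the environment aborts the run rather than weakening it.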
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 06:26 PM