implementing-velociraptor-for-ir-collection

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFE
Tags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The SKILL.md file contains instructions to fetch the Velociraptor binary directly from the project's official GitHub releases.
  • Evidence: wget https://github.com/Velocidex/velociraptor/releases/latest/download/velociraptor-linux-amd64 in SKILL.md.
  • [COMMAND_EXECUTION]: The skill includes shell commands for server setup, configuration generation, and service installation on Linux and Windows platforms.
  • Evidence: Commands such as sudo cp velociraptor-linux-amd64 /usr/local/bin/velociraptor and velociraptor --config /etc/velociraptor/server.config.yaml service install are used for legitimate deployment.
  • [DATA_EXFILTRATION]: The scripts/agent.py script performs network requests to the Velociraptor API to retrieve collected forensic data from endpoints.
  • Evidence: The script uses the requests library to communicate with an API endpoint defined by the VELOCIRAPTOR_API_URL environment variable for artifact retrieval and flow management.
  • [DATA_EXFILTRATION]: The automation script scripts/process.py analyzes local JSON result files for suspicious indicators (e.g., malware process names), which is the intended forensic workflow.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 20, 2026, 11:33 PM