performing-agentless-vulnerability-scanning

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill's scripts (process.py, agent.py) and documentation utilize the paramiko and winrm libraries to execute commands on remote target systems. These operations are restricted to querying OS metadata, package databases (dpkg, rpm), and service statuses, which are necessary for identifying vulnerabilities without an agent.
  • [EXTERNAL_DOWNLOADS]: The orchestration script scripts/process.py references the NIST National Vulnerability Database (NVD) via services.nvd.nist.gov. This is a well-known, trusted governmental resource used for security data correlation and does not represent a risk of malicious code execution.
  • [CREDENTIALS_UNSAFE]: The skill facilitates authenticated scanning by processing sensitive inputs such as SSH private keys and WinRM credentials. The implementation follows standard security practices by requiring these as user-provided arguments or configuration file paths rather than including hardcoded secrets.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 10:50 PM