performing-authenticated-vulnerability-scan

Warn

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The scripts/agent.py script accepts Nessus API access and secret keys as command-line arguments, which can lead to credential exposure in shell history or process listings.
  • [COMMAND_EXECUTION]: The scripts/process.py script executes remote commands via SSH and WinRM to validate credential permissions and gather system information from target hosts.
  • [COMMAND_EXECUTION]: The documentation in SKILL.md provides instructions to configure service accounts with elevated privileges, including Domain Admin membership and passwordless sudo access, significantly increasing the potential impact of a compromised scanner account.
  • [EXTERNAL_DOWNLOADS]: The scripts/agent.py script performs network operations to interact with the Nessus API and includes functionality to bypass SSL/TLS certificate verification via the SKIP_TLS_VERIFY environment variable.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 10, 2026, 06:26 PM