analyzing-persistence-mechanisms-in-linux

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script uses subprocess.run to execute standard Linux utilities such as crontab, dpkg, and env. These operations are used to enumerate users and verify the integrity of system files. All command execution is limited to local system introspection and follows safe implementation patterns using argument lists without user-controlled interpolation.
  • [REMOTE_CODE_EXECUTION]: Heuristic detections of reverse shell patterns in scripts/agent.py are false positives. The script contains regex patterns used to scan system files for malicious artifacts; these patterns are handled as static data for searching and are not executed as code.
  • [DATA_EXFILTRATION]: No network activity was detected. The skill collects system information locally and stores results in a JSON file on the local file system. It does not contain any functions for external data transmission.
  • [CREDENTIALS_UNSAFE]: The skill audits sensitive locations such as .ssh/authorized_keys and shell profile files. This access is required for the stated purpose of identifying persistence mechanisms and does not involve unauthorized credential harvesting or transmission.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 12:01 PM