The Agent Skills Directory

[DATA_EXFILTRATION]: The skill transmits quarantined file samples to external well-known services, including VirusTotal and Joe Sandbox, as part of its automated dynamic analysis workflow.- [DATA_EXFILTRATION]: Provides a configurable option to disable SSL/TLS certificate validation for Splunk HTTP Event Collector communications, which is intended for isolated lab testing but introduces risk if misconfigured.- [CREDENTIALS_UNSAFE]: Utilizes environment variables and command-line arguments to manage sensitive API keys and authentication tokens for third-party security integrations.- [SAFE]: Ingests and processes data from external malware analysis reports to automate downstream security actions such as firewall blocking and alert generation.
Ingestion points: API responses from VirusTotal, MalwareBazaar, and Cuckoo Sandbox in scripts/agent.py.
Boundary markers: None present.
Capability inventory: Outbound network operations to Splunk HEC and firewall block APIs.
Sanitization: No explicit string sanitization or escaping of extracted IOCs before transmission to external APIs.

building-automated-malware-submission-pipeline