detecting-attacks-on-scada-systems
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions and scripts (SKILL.md, scripts/agent.py) recommend installing well-known third-party Python libraries: 'scapy' for packet analysis, 'requests' for API communication, and 'pymodbus' for industrial protocol interaction.
- [COMMAND_EXECUTION]: The 'scripts/agent.py' script performs network operations including port scanning and sending protocol-specific packets to audit SCADA devices. These are legitimate functions for security auditing tools in OT/ICS environments.
- [SAFE]: A hex-encoded byte sequence in 'scripts/agent.py' was flagged by static analysis. Technical review confirms this is a standard Siemens S7comm COTP connection request packet (TPKT/COTP header) used for legitimate protocol accessibility testing, not malicious obfuscation.
- [SAFE]: The skill demonstrates best practices for secret management by instructing users to provide API keys via command-line arguments or environment variables rather than hardcoding credentials.
- [SAFE]: The interaction with Historian and SIEM APIs is performed using user-supplied endpoints and authentication tokens for the intended purpose of security event monitoring.