skills/mukul975/anthropic-cybersecurity-skills/detecting-modbus-command-injection-attacks/Gen Agent Trust Hub
detecting-modbus-command-injection-attacks
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious behaviors or security risks were identified during the analysis. The skill's functionality is strictly aligned with its stated purpose of industrial network security monitoring.
- [EXTERNAL_DOWNLOADS]: The skill utilizes well-known and trusted Python libraries for network analysis, specifically scapy and pymodbus (referenced in documentation). These are standard dependencies for the task.
- [COMMAND_EXECUTION]: The scripts provided (SKILL.md script and scripts/agent.py) are intended for legitimate administrative and security analysis tasks, such as reading packet capture files or analyzing system logs.
- [SAFE]: The skill processes external network traffic and log data, representing a standard ingestion surface for security tooling. It parses this data into structured reports without using dangerous functions like eval or exec on the untrusted input.
  - Ingestion points: Network traffic sniffing via scapy.all.sniff, pcap file reading via rdpcap, and Zeek log file parsing in scripts/agent.py.
  - Boundary markers: Not applicable for the output of these local analysis scripts.
  - Capability inventory: The scripts are limited to reading input files/network and printing analysis results to the console.
  - Sanitization: Standard type casting (e.g., int(fc_str)) is used for parsing protocol fields.