ioc-analysis

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The reference files contain multiple administrative shell commands used for infrastructure setup. These include commands for package management (e.g., apt install apache2), service configuration (a2enmod), and system operations using sudo. These are documented as standard deployment steps for a security practitioner.
  • [EXTERNAL_DOWNLOADS]: The skill references external resources for infrastructure building and threat intelligence. It includes commands to clone repositories from GitHub (e.g., github.com/developer/static-template) and uses the uTLS library (github.com/refraction-networking/utls) to manage TLS fingerprints. It also provides examples for querying well-known threat intelligence services such as VirusTotal, Shodan, and AbuseIPDB using provided placeholder keys.
  • [DATA_EXFILTRATION]: A provided monitoring script (infra-health-check.sh) is designed to send status updates about infrastructure health to an external webhook. This is a functional requirement for infrastructure management rather than a malicious exfiltration pattern.
  • [SAFE]: All identified command executions and external references are consistent with the skill's stated purpose of teaching C2 infrastructure OPSEC and IOC analysis methodology. No malicious patterns, obfuscation, or unauthorized access attempts were detected.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 10:08 AM