S³ Memory Forensics
v1.0.0
Master memory forensics techniques including memory acquisition, process analysis, and artifact extraction using Volatility and related tools. Use when analy...
by Solomon Neas (@solomonneas)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (high confidence)
Purpose & Capability
The name/description (memory forensics with Volatility and related tools) matches the SKILL.md content: acquisition commands (WinPmem, LiME, osxpmem, VM exporters), Volatility usage, and workflows. Tools and commands referenced are appropriate for the stated domain.
Instruction Scope
Instructions tell the operator to run privileged acquisition commands (sudo dd, insmod LiME, WinPmem/DumpIt) and analysis (volatility, strings, yara). This is expected for memory forensics, but the SKILL.md also tells the agent to 'open resources/implementation-playbook.md' which is not present in the package — the agent could attempt to read local files in its environment if followed. Verify the resource reference and be cautious about executing privileged commands.
Install Mechanism
No install spec (instruction-only). The doc recommends installing volatility3 via pip and downloading symbol tables from the Volatility Foundation site — these are standard steps. There are no downloads from unknown personal servers or extract/install steps in the skill bundle itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. Commands reference system devices (/dev/mem, /proc/kcore) and VM files (vm.vmem) which are appropriate for memory acquisition but are sensitive — this is proportional to the forensic purpose.
Persistence & Privilege
The skill is not forced-always and is user-invocable. Model invocation is allowed (default), which is normal. Because the instructions include privileged system actions, consider restricting autonomous invocation in environments where the agent could execute commands or access the host filesystem.
Assessment
This is a coherent memory-forensics playbook; nothing in the skill requests unrelated credentials or installs arbitrary remote code. Before using it, (1) only run the acquisition and kernel-level commands on systems you own or have explicit authorization to examine — they require root/administrator privileges and can disrupt systems; (2) verify downloads (e.g., Volatility symbol tables) come from the official Volatility Foundation site; (3) note the SKILL.md references resources/implementation-playbook.md which is not included — check for missing documentation before relying on the skill; and (4) if you allow the agent to invoke skills autonomously, consider disabling autonomous execution for this skill in sensitive environments because following these instructions could access or expose host memory and secrets.
forensics, incident-response, latest, memory-analysis, volatility
