{"id":"7a62a7e3-48de-4b4c-b042-74c7c1ed92a7","shortId":"hhgUh9","kind":"skill","title":"Capture Linux runtime security events and suspicious behavior for live triage with Tracee","tagline":"Watch live Linux and container activity through eBPF so you can triage suspicious runtime behavior before it disappears into guesswork.","description":"# Capture Linux runtime security events and suspicious behavior for live triage with Tracee\n\nWatch live Linux and container activity through eBPF so you can triage suspicious runtime behavior before it disappears into guesswork.\n\n## Prerequisites\n\nLinux host or Kubernetes environment with the required kernel support, Tracee runtime or container image, elevated access to collect eBPF events, and access to the target system or cluster\n\n## Installation\n\nNo source-backed install or usage instructions could be extracted automatically. Review the upstream project before running this skill in a sensitive workflow.\n\n- Source: https://github.com/aquasecurity/tracee\n\n## Documentation\n\n- https://aquasecurity.github.io/tracee/latest/\n\n## Source\n\n- [Agent Skill Exchange](https://agentskillexchange.com/skills/capture-linux-runtime-security-events-and-suspicious-behavior-for-live-triage-with-tracee/)","tags":["capture","linux","runtime","security","events","and","suspicious","behavior","for","live","triage","with"],"capabilities":["skill","source-agentskillexchange","skill-capture-linux-runtime-security-events-and-suspicious-behavior-for-live-triage-with-tracee","topic-agent-skills","topic-ai-agents","topic-ai-tools","topic-awesome-list","topic-claude-code","topic-codex","topic-cursor","topic-llm","topic-mcp","topic-npx-skills","topic-openclaw","topic-skills-catalog"],"categories":["skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/agentskillexchange/skills/capture-linux-runtime-security-events-and-suspicious-behavior-for-live-triage-with-tracee","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add agentskillexchange/skills","source_repo":"https://github.com/agentskillexchange/skills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (898 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:09:44.827Z","embedding":null,"createdAt":"2026-05-18T13:15:34.655Z","updatedAt":"2026-05-18T19:09:44.827Z","lastSeenAt":"2026-05-18T19:09:44.827Z","tsv":"'/aquasecurity/tracee':125 '/skills/capture-linux-runtime-security-events-and-suspicious-behavior-for-live-triage-with-tracee/)':136 '/tracee/latest/':129 'access':84,90 'activ':19,52 'agent':131 'agentskillexchange.com':135 'agentskillexchange.com/skills/capture-linux-runtime-security-events-and-suspicious-behavior-for-live-triage-with-tracee/)':134 'aquasecurity.github.io':128 'aquasecurity.github.io/tracee/latest/':127 'automat':109 'back':101 'behavior':8,28,41,61 'captur':1,34 'cluster':96 'collect':86 'contain':18,51,81 'could':106 'disappear':31,64 'document':126 'ebpf':21,54,87 'elev':83 'environ':72 'event':5,38,88 'exchang':133 'extract':108 'github.com':124 'github.com/aquasecurity/tracee':123 'guesswork':33,66 'host':69 'imag':82 'instal':97,102 'instruct':105 'kernel':76 'kubernet':71 'linux':2,16,35,49,68 'live':10,15,43,48 'prerequisit':67 'project':113 'requir':75 'review':110 'run':115 'runtim':3,27,36,60,79 'secur':4,37 'sensit':120 'skill':117,132 'skill-capture-linux-runtime-security-events-and-suspicious-behavior-for-live-triage-with-tracee' 'sourc':100,122,130 'source-agentskillexchange' 'source-back':99 'support':77 'suspici':7,26,40,59 'system':94 'target':93 'topic-agent-skills' 'topic-ai-agents' 'topic-ai-tools' 'topic-awesome-list' 'topic-claude-code' 'topic-codex' 'topic-cursor' 'topic-llm' 'topic-mcp' 'topic-npx-skills' 'topic-openclaw' 'topic-skills-catalog' 'trace':13,46,78 'triag':11,25,44,58 'upstream':112 'usag':104 'watch':14,47 'workflow':121","prices":[{"id":"92c562a7-5686-4669-87ae-0f2bee1b112a","listingId":"7a62a7e3-48de-4b4c-b042-74c7c1ed92a7","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"agentskillexchange","category":"skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:15:34.655Z"}],"sources":[{"listingId":"7a62a7e3-48de-4b4c-b042-74c7c1ed92a7","source":"github","sourceId":"agentskillexchange/skills/capture-linux-runtime-security-events-and-suspicious-behavior-for-live-triage-with-tracee","sourceUrl":"https://github.com/agentskillexchange/skills/tree/main/skills/capture-linux-runtime-security-events-and-suspicious-behavior-for-live-triage-with-tracee","isPrimary":false,"firstSeenAt":"2026-05-18T13:15:34.655Z","lastSeenAt":"2026-05-18T19:09:44.827Z"}],"details":{"listingId":"7a62a7e3-48de-4b4c-b042-74c7c1ed92a7","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"agentskillexchange","slug":"capture-linux-runtime-security-events-and-suspicious-behavior-for-live-triage-with-tracee","github":{"repo":"agentskillexchange/skills","stars":8,"topics":["agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex","cursor","llm","mcp","npx-skills","openclaw","skills-catalog"],"license":"mit","html_url":"https://github.com/agentskillexchange/skills","pushed_at":"2026-05-18T19:02:17Z","description":"The open catalog of AI agent skills — 2,000+ security-scanned skills for Claude Code, Cursor, Codex, and more.","skill_md_sha":"1e3a48190f2aaaf1233887eb6a2931aa1c863ca5","skill_md_path":"skills/capture-linux-runtime-security-events-and-suspicious-behavior-for-live-triage-with-tracee/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/agentskillexchange/skills/tree/main/skills/capture-linux-runtime-security-events-and-suspicious-behavior-for-live-triage-with-tracee"},"layout":"multi","source":"github","category":"skills","frontmatter":{"name":"Capture Linux runtime security events and suspicious behavior for live triage with Tracee","description":"Watch live Linux and container activity through eBPF so you can triage suspicious runtime behavior before it disappears into guesswork."},"skills_sh_url":"https://skills.sh/agentskillexchange/skills/capture-linux-runtime-security-events-and-suspicious-behavior-for-live-triage-with-tracee"},"updatedAt":"2026-05-18T19:09:44.827Z"}}