{"id":"9f3ef578-8030-436f-9fd9-854781c44af4","shortId":"zp4aNa","kind":"skill","title":"Container Runtime Security Monitor","tagline":"Monitors container runtime behavior using Falco rules and the Docker Engine API. Detects anomalous syscalls, privilege escalations, and unexpected network connections in real time.","description":"# Container Runtime Security Monitor\n\nMonitors container runtime behavior using Falco rules and the Docker Engine API. Detects anomalous syscalls, privilege escalations, and unexpected network connections in real time.\n\n## Installation\n\nUse the upstream install or setup path that matches your environment:\n- cmake \\\n- make -j$(($nproc-1)) falco_unit_tests;\n\nRequirements and caveats from upstream:\n- A demo environment is provided via a docker-compose file that can be started on a docker host which includes falco, falcosidekick, falcosidekick-ui and its required redis database. For more information see the [docker...\n- As a security tool meant to consume a crazy high throughput of events per second, Falco needs to squeeze performance in all hot paths at runtime and requires deep control on memory allocation, which the Go runtime can...\n\nBasic usage or getting-started notes:\n- If you're new to Falco, begin your journey with our [Getting Started](https://falco.org/docs/getting-started/) guide. For production deployments, please refer to our comprehensive [Setup](https://falco.org/docs/setup/...\n- As final recommendations before deploying Falco, verify environment compatibility, define your detection goals, optimize performance, choose the appropriate build, and plan for SIEM or data lake integration to ensure...\n- ### Demo Environment\n\n- Source: https://github.com/falcosecurity/falco\n- Extracted from upstream docs: https://raw.githubusercontent.com/falcosecurity/falco/HEAD/README.md\n\n## Source\n\n- [Agent Skill Exchange](https://agentskillexchange.com/skills/container-runtime-security-monitor/)","tags":["container","runtime","security","monitor","skills","agentskillexchange","agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex"],"capabilities":["skill","source-agentskillexchange","skill-container-runtime-security-monitor","topic-agent-skills","topic-ai-agents","topic-ai-tools","topic-awesome-list","topic-claude-code","topic-codex","topic-cursor","topic-llm","topic-mcp","topic-npx-skills","topic-openclaw","topic-skills-catalog"],"categories":["skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/agentskillexchange/skills/container-runtime-security-monitor","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add agentskillexchange/skills","source_repo":"https://github.com/agentskillexchange/skills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (1,614 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:09:55.629Z","embedding":null,"createdAt":"2026-05-18T13:15:49.825Z","updatedAt":"2026-05-18T19:09:55.629Z","lastSeenAt":"2026-05-18T19:09:55.629Z","tsv":"'-1':73 '/docs/getting-started/)':179 '/docs/setup/...':192 '/falcosecurity/falco':227 '/falcosecurity/falco/head/readme.md':234 '/skills/container-runtime-security-monitor/)':241 'agent':236 'agentskillexchange.com':240 'agentskillexchange.com/skills/container-runtime-security-monitor/)':239 'alloc':151 'anomal':18,46 'api':16,44 'appropri':210 'basic':157 'begin':170 'behavior':8,36 'build':211 'caveat':79 'choos':208 'cmake':69 'compat':201 'compos':91 'comprehens':188 'connect':25,53 'consum':125 'contain':1,6,29,34 'control':148 'crazi':127 'data':217 'databas':112 'deep':147 'defin':202 'demo':83,222 'deploy':183,197 'detect':17,45,204 'doc':231 'docker':14,42,90,99,118 'docker-compos':89 'engin':15,43 'ensur':221 'environ':68,84,200,223 'escal':21,49 'event':131 'exchang':238 'extract':228 'falco':10,38,74,103,134,169,198 'falco.org':178,191 'falco.org/docs/getting-started/)':177 'falco.org/docs/setup/...':190 'falcosidekick':104,106 'falcosidekick-ui':105 'file':92 'final':194 'get':161,175 'getting-start':160 'github.com':226 'github.com/falcosecurity/falco':225 'go':154 'goal':205 'guid':180 'high':128 'host':100 'hot':141 'includ':102 'inform':115 'instal':57,61 'integr':219 'j':71 'journey':172 'lake':218 'make':70 'match':66 'meant':123 'memori':150 'monitor':4,5,32,33 'need':135 'network':24,52 'new':167 'note':163 'nproc':72 'optim':206 'path':64,142 'per':132 'perform':138,207 'plan':213 'pleas':184 'privileg':20,48 'product':182 'provid':86 'raw.githubusercontent.com':233 'raw.githubusercontent.com/falcosecurity/falco/head/readme.md':232 're':166 'real':27,55 'recommend':195 'redi':111 'refer':185 'requir':77,110,146 'rule':11,39 'runtim':2,7,30,35,144,155 'second':133 'secur':3,31,121 'see':116 'setup':63,189 'siem':215 'skill':237 'skill-container-runtime-security-monitor' 'sourc':224,235 'source-agentskillexchange' 'squeez':137 'start':96,162,176 'syscal':19,47 'test':76 'throughput':129 'time':28,56 'tool':122 'topic-agent-skills' 'topic-ai-agents' 'topic-ai-tools' 'topic-awesome-list' 'topic-claude-code' 'topic-codex' 'topic-cursor' 'topic-llm' 'topic-mcp' 'topic-npx-skills' 'topic-openclaw' 'topic-skills-catalog' 'ui':107 'unexpect':23,51 'unit':75 'upstream':60,81,230 'usag':158 'use':9,37,58 'verifi':199 'via':87","prices":[{"id":"a118ee44-0f14-46c5-bf63-259a6d63955b","listingId":"9f3ef578-8030-436f-9fd9-854781c44af4","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"agentskillexchange","category":"skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:15:49.825Z"}],"sources":[{"listingId":"9f3ef578-8030-436f-9fd9-854781c44af4","source":"github","sourceId":"agentskillexchange/skills/container-runtime-security-monitor","sourceUrl":"https://github.com/agentskillexchange/skills/tree/main/skills/container-runtime-security-monitor","isPrimary":false,"firstSeenAt":"2026-05-18T13:15:49.825Z","lastSeenAt":"2026-05-18T19:09:55.629Z"}],"details":{"listingId":"9f3ef578-8030-436f-9fd9-854781c44af4","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"agentskillexchange","slug":"container-runtime-security-monitor","github":{"repo":"agentskillexchange/skills","stars":8,"topics":["agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex","cursor","llm","mcp","npx-skills","openclaw","skills-catalog"],"license":"mit","html_url":"https://github.com/agentskillexchange/skills","pushed_at":"2026-05-18T19:02:17Z","description":"The open catalog of AI agent skills — 2,000+ security-scanned skills for Claude Code, Cursor, Codex, and more.","skill_md_sha":"d4f89b3af04d66480e0f628919a0ee5d864802b6","skill_md_path":"skills/container-runtime-security-monitor/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/agentskillexchange/skills/tree/main/skills/container-runtime-security-monitor"},"layout":"multi","source":"github","category":"skills","frontmatter":{"name":"Container Runtime Security Monitor","description":"Monitors container runtime behavior using Falco rules and the Docker Engine API. Detects anomalous syscalls, privilege escalations, and unexpected network connections in real time."},"skills_sh_url":"https://skills.sh/agentskillexchange/skills/container-runtime-security-monitor"},"updatedAt":"2026-05-18T19:09:55.629Z"}}