container-forensics
CommunityInvestigate containerized environments.
Software Engineering#incident response#ebpf#audit logs#docker security#kubernetes security#container escape#container forensics
Authorjmagly
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill addresses the unique security challenges of containerized environments, providing a systematic approach to investigate potential compromises, misconfigurations, or container escapes that traditional host-based forensics might miss.
Core Features & Use Cases
- Environment Detection: Automatically identifies Docker, Kubernetes, containerd, or CRI-O setups.
- Comprehensive Auditing: Covers container inventory, privilege escalation checks, image integrity, layer analysis, escape indicators, eBPF runtime monitoring (Falco, Tetragon, Tracee), Kubernetes RBAC, etcd security, and API server audit logs.
- Use Case: When a security alert indicates suspicious activity within a Kubernetes cluster, this Skill can be invoked to perform a deep dive into all running containers, their configurations, and network interactions to identify the root cause and scope of the incident.
Quick Start
Run container forensics on the current environment.
Dependency Matrix
Required Modules
None requiredComponents
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: container-forensics Download link: https://github.com/jmagly/aiwg/archive/main.zip#container-forensics Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 223,000+ vetted skills library on demand.