← Back to Skills

Osquery Query Helper

🌐Community
by inthecyber-group · vlatest · Repository

Crafts OSQuery queries to efficiently identify suspicious activity and vulnerabilities within group environments.

Install on your platform

We auto-selected Claude Code based on this skill’s supported platforms.

1

Run in terminal (recommended)

terminal
claude mcp add inthecyber-group-osquery-query-helper npx -- -y @trustedskills/inthecyber-group-osquery-query-helper
2

Or manually add to ~/.claude/settings.json

~/.claude/settings.json
{
  "mcpServers": {
    "inthecyber-group-osquery-query-helper": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/inthecyber-group-osquery-query-helper"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

The osquery-query-helper skill allows AI agents to construct and execute OSQuery queries. It can retrieve system information, identify potential security issues, and perform targeted searches across a host's configuration and running processes. This skill simplifies interacting with the OSQuery framework for tasks like inventory management and threat hunting.

When to use it

  • Asset Inventory: Quickly gather details about installed software, hardware configurations, or user accounts on a system.
  • Security Auditing: Identify potentially vulnerable services, misconfigurations, or unusual process activity.
  • Troubleshooting: Investigate performance issues by querying resource utilization and system metrics.
  • Compliance Checks: Verify adherence to security policies by searching for specific configurations or software versions.

Key capabilities

  • Constructs OSQuery SQL queries.
  • Executes queries against a target host (implicitly).
  • Retrieves results from the query execution.
  • Provides structured data output based on query results.

Example prompts

  • "Find all processes running as root."
  • "What versions of Apache are installed?"
  • "Show me all users with sudo privileges."
  • "List all files modified in the last 24 hours."

Tips & gotchas

  • Requires a working OSQuery installation and configuration on the target system.
  • The skill's effectiveness depends on the quality of the OSQuery schema and configurations available on the target host.
View Repository →

Tags

🛡️

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates — what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust HubPass
SocketPass
SnykPass

Details

Version
vlatest
License
Author
inthecyber-group
Installs
2
Repository (canonical source) →

🌐 Community

Passed automated security scans.