Osquery Query Helper

🌐Community
by tsale · vlatest

Crafts complex osquery queries from natural language requests to efficiently gather system information.

Install on your platform

1. Run in terminal (recommended)

claude mcp add osquery-query-helper npx -- -y @trustedskills/osquery-query-helper

2. Or manually add to ~/.claude/settings.json

{
  "mcpServers": {
    "osquery-query-helper": {
      "command": "npx",
      "args": [
        "-y",
        "@trustedskills/osquery-query-helper"
      ]
    }
  }
}

Requires Claude Code (claude CLI). Run claude --version to verify your install.

About This Skill

What it does

The osquery-query-helper skill allows AI agents to construct and execute osquery queries. It can retrieve system information, identify running processes, and enumerate files based on specified criteria. This enables automated investigation and data gathering tasks across a variety of operating systems.

When to use it

  • Incident Response: Quickly gather detailed system context during an incident by querying for specific process names or file modifications.
  • Asset Inventory: Automatically generate lists of software installed, services running, or users logged in on multiple machines.
  • Compliance Auditing: Verify configurations against security baselines by constructing queries to check for misconfigurations.
  • Forensic Analysis: Extract relevant artifacts from a system's memory and disk using targeted osquery queries.

Key capabilities

  • Constructs osquery SQL queries
  • Executes queries against the local or remote osqueryd instance
  • Parses query results into structured data
  • Supports various operating systems (Windows, macOS, Linux)

Example prompts

  • "Find all processes running as user 'john'."
  • "List files modified in the last 24 hours in /var/log."
  • "Show me a list of installed software on this machine."
  • "What services are listening on port 80?"

Tips & gotchas

  • Requires an osqueryd instance to be running and accessible.
  • osquery syntax can be complex; familiarity with SQL is beneficial for crafting effective queries.

TrustedSkills Verification

Unlike other registries that point to live repositories, TrustedSkills pins every skill to a verified commit hash. This protects you from malicious updates: what you install today is exactly what was reviewed and verified.

Security Audits

Gen Agent Trust Hub: Pass
Socket: Pass
Snyk: Pass

Details

Version: vlatest
License:
Author: tsale
Installs: 3

🌐 Community

Passed automated security scans.