Security audit

HermesSkills

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only agent memory skill whose sensitive retention features are disclosed and aligned with its purpose, but users should configure privacy controls carefully.

Install only if you want an agent memory framework that may retain profiles, preferences, revenue data, drafts, and conversation history. Before using it with sensitive data, verify where any cloud backups are stored, how consent and deletion are enforced, and whether the advertised encryption and privacy compliance controls are actually implemented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 93%
Finding:
The skill explicitly promotes persistent storage of session data, user preferences, profiles, and indefinite cloud-backed long-term memory, but the user-facing description does not disclose meaningful privacy implications, retention boundaries, consent expectations, or deletion controls. In an agent-memory framework, this omission is dangerous because operators may deploy it in ways that silently accumulate sensitive personal or business data beyond what users reasonably expect.

Missing User Warnings

Medium
Confidence: 86%
Finding:
The skill exposes destructive operations like resetting conversation context and full purging without any warning, confirmation, or guidance about irreversible data loss. In an agent workflow, these functions could be invoked accidentally or by prompt manipulation, causing loss of active drafts, context, or pending questions that may be important to the user.

Missing User Warnings

Medium
Confidence: 86%
Finding:
The skill explicitly describes storing user preferences and searching conversations, which implies collection and retrieval of potentially sensitive personal data, but it does not provide any user-facing notice about what is retained, how it is used, who can access it, or consent/retention boundaries. In an agent-framework context, this increases the risk of privacy violations, overcollection, and misuse of conversational data even if encryption is mentioned, because encryption does not address transparency, purpose limitation, or access control.

Context Leakage

High
Category: Data Exfiltration
Content:
### Session Write Operations
- `update_current_skill(component, content, progress)` — Track skill building
- `append_conversation_turn(role, message, timestamp, metadata)` — Log conversation
- `set_user_mood(mood_score, reason, confidence)` — Mood tracking
- `cache_draft_output(component, content, version)` — Draft management
- `add_pending_question(question, priority)` — Question queue
Confidence: 79%
Finding:
Log conversation

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.