Hermes Memory and Skill System

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned, but it automatically stores agent history and does not clearly explain privacy, deletion, or diagnostic-sharing risks.

Install only if you want OpenClaw to persist and reuse conversation history, tool activity, file-operation context, and generated skill candidates. Keep production approval required and auto-install/export disabled unless needed, set real encryption if supported, and review or redact memory, trajectory, export, log, and diagnostic files before sharing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The manual installation instructions require executing a deployment shell script in production mode, which grants broad code-execution capability not clearly justified by the high-level feature description. Documentation that normalizes direct script execution increases the chance of unsafe installation practices and can be abused if the repository or script contents are altered.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill advertises automatic cross-session memory synchronization and trajectory/data export without clearly warning users about privacy, retention, sensitivity of stored conversations, or where exported data is written. Because this skill's core function is to persist and reuse conversation history, missing privacy disclosures materially increases the risk of accidental retention or exposure of sensitive user data.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The guide instructs users to generate and potentially share a diagnostic archive containing system information, configuration, logs, performance data, and errors, but it does not warn that these artifacts may contain secrets, tokens, internal paths, or sensitive conversation data. In an agent system with persistent memory and logs, diagnostic bundles can easily expose operationally sensitive information if sent to third parties without sanitization.

Missing User Warnings

High
Confidence
97% confidence
Finding
The reset/recovery instructions include destructive deletion commands for runtime data and cache, including 'rm -rf var/data/*', but the warning is understated relative to the risk. In a system described as providing persistent memory and generated skills, deleting these directories can cause irreversible data loss, service disruption, and loss of user history or generated artifacts if operators follow the guide verbatim.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
log_success "现有部署已备份到: $backup_path"
            
            # Clean up old backups (keep the most recent 5)
            ls -1td "$backup_dir/hermes_"* 2>/dev/null | tail -n +6 | xargs rm -rf 2>/dev/null || true
        else
            log_warning "备份失败,继续部署..."
        fi
Confidence
91% confidence
Finding
rm -rf 2>/dev/

Chaining Abuse

High
Category
Tool Misuse
Content
log_success "现有部署已备份到: $backup_path"
            
            # Clean up old backups (keep the most recent 5)
            ls -1td "$backup_dir/hermes_"* 2>/dev/null | tail -n +6 | xargs rm -rf 2>/dev/null || true
        else
            log_warning "备份失败,继续部署..."
        fi
Confidence
92% confidence
Finding
| xargs rm

VirusTotal

66/66 vendors flagged this skill as clean.
