hermes-attestation-guardian

Security checks across malware telemetry and agentic risk

Overview

This is a Hermes security attestation tool whose behaviour is disclosed up front: it records local posture details and can optionally add cron jobs, and both actions are documented and user-directed.

Install this only for operator-managed Hermes environments. Treat generated attestations as sensitive because they include host identity, Hermes paths, security toggles, feed state, and hashes/existence of files you choose to watch. Review watch_files and trust_anchor_files before running, keep signed advisory verification enabled, and use cron --apply only when you intentionally want recurring jobs added to your user crontab.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: Medium
Confidence: 89%
Finding:
The attestation payload includes broad host and runtime inventory such as hostname, platform, architecture, Hermes home path, gateway enablement, risky security toggles, config source, and advisory feed state. Even though this appears aligned with operational attestation, it goes beyond strict file integrity evidence and can expose sensitive environmental details if the attestation is stored, transmitted, or shared, increasing reconnaissance value for an attacker.

Context-Inappropriate Capability

Severity: Medium
Confidence: 83%
Finding:
The code reads environment variables to infer gateway state and security posture, which can reveal sensitive deployment configuration and runtime controls. In an attestation context this may be operationally useful, but collecting environment-derived security state without strict minimization can leak internal hardening or bypass settings to anyone who can access the generated attestation.

Missing User Warnings

Severity: Low
Confidence: 77%
Finding:
The attestation generation aggregates environment-derived and configuration-derived security posture information and writes it into a structured artifact without any in-code disclosure, consent, or visibility mechanism. This creates a privacy and security transparency issue because operators may not realize the artifact contains sensitive runtime state and filesystem locations.

VirusTotal

56/56 vendors flagged this skill as clean.