Hermes Self Audit
AdvisoryAudited by Static analysis on May 7, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed as documented, the audit may run every week and produce reports/logs without a manual prompt each time.
The skill is designed for recurring autonomous execution via cron, which is disclosed and aligned with periodic auditing.
triggers:\n - "auto: cron schedule '0 10 * * 1' (weekly Mon 10:00)"
Only create the cron job if recurring audits are desired, and review or remove the scheduled job if you no longer want automatic reports.
Skill names, usage statistics, curator status, and memory-provider status could be visible in the chosen chat channel.
The audit report is intended to be sent to external chat platforms, so local agent audit metadata may leave the machine or workspace.
outputs:\n - 飞书/Discord/群消息格式的审计报告
Send reports only to trusted private channels and verify the destination chat ID before enabling scheduled delivery.
Reports may reveal which memory system is active and some operational metadata about memory sessions or peers.
The skill inspects persistent memory-provider state and includes that status in its audit scope.
### 4. Memory Provider 健康度\n- 当前 memory provider(内置 / honcho / mem0 等)\n- honcho 状态(如果启用):peer 数、session 数
Confirm that the report does not include sensitive memory contents and keep local logs/chat reports access-controlled.
The actual audit behavior depends on the user's existing Hermes CLI, curator, and optional memory-provider setup.
The skill is instruction-only and depends on external local Hermes components rather than bundled reviewed code.
## 依赖\n\n- hermes cli\n- curator 已启用(检查 `~/.hermes/config.yaml` 里的 `curator.enabled`)\n- 可选:honcho(如果用作 memory provider)
Use a trusted, up-to-date Hermes installation and verify local configuration before relying on the audit results.