Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Hermes Agent Bridge
v1.0.0
Delegate tasks or questions to a local Hermes Agent via its CLI for fast, persona-specific responses and terminal tool access.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The SKILL.md clearly expects a local 'hermes' CLI (e.g., ~/.local/bin/hermes or in PATH) and instructs using it; however the skill metadata lists no required binaries. The declared requirements do not match the runtime dependency the instructions rely on.
Instruction Scope
Instructions tell the agent to run an exec tool to invoke the local hermes CLI with a user-provided prompt and relay stdout. This stays within the stated purpose (delegation) but grants the agent the ability to execute arbitrary local commands via the exec tool and to send user prompts to the local Hermes instance — a possible vector for unintended data disclosure if prompts include secrets or if Hermes itself runs local tools.
Install Mechanism
No install spec or code is included (instruction-only), so nothing will be written to disk by the skill package itself.
Credentials
The skill declares no environment or credential requirements, which is consistent with being a thin bridge. However, because it relies on invoking a local hermes binary (not declared), the skill implicitly trusts that local executable and any credentials or permissions it has — the metadata should have declared the binary dependency.
Persistence & Privilege
always is false and the skill does not request special persistent privileges. Autonomous invocation is allowed by default; combined with the exec delegation this means the agent could call the local hermes CLI without additional prompts if allowed by platform policies (expected behavior, but worth reviewing).
Scan Findings in Context
[no_findings] expected: Regex scanner found nothing — expected because this is an instruction-only skill with no code files to analyze.
What to consider before installing
This skill delegates user prompts to a locally installed 'hermes' CLI by running it via the exec tool. Before installing: (1) confirm you actually have and trust the local Hermes binary (the skill metadata should list it as a required binary but does not); (2) avoid sending secrets or sensitive data in prompts because they will be forwarded to the local agent; (3) be aware the agent can invoke the skill autonomously and thus call the local CLI without further prompts; and (4) consider asking the skill author to add a required-binaries declaration (hermes) and a note about what the Hermes instance may access (files, network, tools). If you do not trust the local Hermes installation or cannot ensure prompts won't contain sensitive data, do not enable this bridge.
Like a lobster shell, security has layers — review code before you run it.
