Skill v1.0.0

ClawScan security

Hermes Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 11, 2026, 5:48 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's instructions, required resources, and scope are coherent with its stated purpose: it creates and manages a local ~/hermes-agent/ memory and non‑destructively seeds OpenClaw workspace files after asking the user.
Guidance
This skill is internally consistent and low-risk in that it only creates local files and asks to add small, additive seed blocks to your OpenClaw workspace. Before installing: (1) review or back up AGENTS.md, SOUL.md, HEARTBEAT.md so you can revert edits if you don't like them; (2) confirm the agent will ask for permission before writing (the skill's text says it will — make sure runtime behavior matches this); (3) decide whether you want local persistent memory under ~/hermes-agent/ and whether any repos or paths should be excluded; (4) if you are concerned about autonomous edits, keep the skill user-invocable and restrict autonomous agent invocation or test it in a safe workspace first.

Review Dimensions

Purpose & Capability
ok: Name/description promise a local learning loop and the skill only asks to create/read/write a local ~/hermes-agent/ directory and to add small additive seed blocks to OpenClaw workspace files (AGENTS.md, SOUL.md, HEARTBEAT.md). No network access, binaries, or credentials are requested — this footprint matches the stated purpose.
Instruction Scope
note: SKILL.md and companion files explicitly instruct the agent to create ~/hermes-agent/ files and to patch workspace files non‑destructively. The instructions include sensible guardrails (ask before writing, keep edits additive and small). This is within scope for a learning-loop skill, but it does require write access to the user's home and workspace files — users should expect and authorize those edits before activation.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files. Low installation risk: nothing is downloaded or executed beyond the agent following the prose instructions at runtime.
Credentials
ok: No environment variables, credentials, or external endpoints are requested. The only persistent state is local files under ~/hermes-agent/ and small edits to the existing OpenClaw workspace — this is proportional to the claimed functionality.
Persistence & Privilege
note: Skill persists local state under ~/hermes-agent/ and may modify workspace files if the user consents. It is not force-enabled (always:false). The platform default allows autonomous invocation, so confirm the agent will ask before making edits as the skill instructs; if you prefer, restrict autonomous execution or require explicit user approval for writes.