Hermes Memory

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a local memory-health checker, but it reaches beyond the named memory files and adds local persistence and optional scheduled execution that users should review first.

Review the script before installing. Confirm whether it really needs access to all of ~/self-improving, where hermes-memory-state.json and health.log will be stored, and whether you want the cron job enabled. Prefer running it manually first, and remove or narrow the cron entry if you do not want recurring local scans.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 91%
Finding
The skill is presented as a memory-health checker for specific workspace memory files, but it also enumerates the unrelated ~/self-improving directory and writes a persistent state file there. That expands data access and persistence beyond the declared purpose, creating an unnecessary privacy and scope-creep risk if sensitive filenames or operational metadata exist in that directory.

Context-Inappropriate Capability

Severity: Low
Confidence: 87%
Finding
Scanning the entire ~/self-improving directory is not necessary to compute health metrics for MEMORY.md, USER.md, SOUL.md, or HEARTBEAT.md. Even though the script only counts lines, broad directory traversal increases exposure to unrelated user data and can reveal filenames and file sizes through output.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding
The script silently writes hermes-memory-state.json containing timestamps and usage metrics without any user-facing disclosure or consent. Undisclosed persistence can surprise users, leak behavioral metadata, and create an audit trail in a location they may not expect.

Session Persistence

Severity: Medium
Category: Rogue Agent
Content
**Automatic scheduling (self-check once daily at 17:30, after market close):**
```bash
# Add to crontab
crontab -e
# Write:
30 17 * * 1-5 /home/linuxbrew/.linuxbrew/bin/python3 /home/jdvrommel/self-improving/hermes-memory/memory_health.py >> /home/jdvrommel/self-improving/hermes-memory/health.log 2>&1
```
Confidence: 85%
Finding
crontab -e

VirusTotal

67/67 vendors flagged this skill as clean.
