Back to skill

Security audit

Hermes Skills

Security checks across malware telemetry and agentic risk

Overview

The skill is not malicious, but it asks agents to persist conversation summaries and create new skills without enough clear user control or retention boundaries.

Install only if you are comfortable with the agent saving conversation summaries and creating persistent skills. Before enabling it, decide where memory and generated skills are stored, require explicit approval before writes, avoid storing secrets or personal data, and make sure saved items can be reviewed, deleted, or rolled back.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
87% confidence
Finding
Claiming the skill 'Works with any agent' encourages broad deployment across agents with very different trust models, memory systems, and security controls. In this context, the skill performs persistent memory-related actions, so an overbroad applicability claim can cause unsafe adoption where memory writes, context compression, or skill persistence are not appropriately sandboxed or reviewed.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill directs agents to save conversation summaries and newly discovered techniques to memory without warning about retention, consent, or sensitive-data handling. Because this skill is specifically about long-term memory and cross-session persistence, it increases the risk of storing secrets, personal data, prompt-injected content, or proprietary techniques in durable memory where they may later influence behavior or be exposed.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dynamic_code_execution

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
scripts/hermes_test.py:34