Security checks across malware telemetry and agentic risk
This is a coherent payment-policy skill, but it gives an agent live payment and policy-administration authority with weak local confirmation and credential-storage safeguards.
Review before installing. Use a Standard SDK key for routine payment checks, reserve Admin keys for short controlled policy-management sessions, protect ~/.hermes/.env with restrictive permissions or a secret manager, verify CONTO_API_URL points to the trusted Conto endpoint, start with low/testnet limits, and require your own explicit confirmation before any real transfer or policy deletion.
exit 1
fi
# Write to ~/.hermes/.env
HERMES_ENV="$HOME/.hermes/.env"
mkdir -p "$(dirname "$HERMES_ENV")"fi
# Write to ~/.hermes/.env
HERMES_ENV="$HOME/.hermes/.env"
mkdir -p "$(dirname "$HERMES_ENV")"
# Update or append CONTO_SDK_KEY and CONTO_API_URL in .envHERMES_ENV="$HOME/.hermes/.env"
mkdir -p "$(dirname "$HERMES_ENV")"
# Update or append CONTO_SDK_KEY and CONTO_API_URL in .env
if [[ -f "$HERMES_ENV" ]]; then
# Remove existing Conto entries
grep -v '^CONTO_SDK_KEY=' "$HERMES_ENV" | grep -v '^CONTO_API_URL=' > "${HERMES_ENV}.tmp" || trueexit 1
fi
# Write to ~/.hermes/.env
HERMES_ENV="$HOME/.hermes/.env"
mkdir -p "$(dirname "$HERMES_ENV")"delete-policy)
policy_id="${2:?policy_id required}"
_conto_request DELETE "/api/policies/$policy_id"
;;
get-rules)delete-rule)
policy_id="${2:?policy_id required}"
rule_id="${3:?rule_id required}"
_conto_request DELETE "/api/policies/$policy_id/rules/$rule_id"
;;
setup)66/66 vendors flagged this skill as clean.