Skill v1.2.0

ClawScan security

Hermes Communication Bridge · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 20, 2026, 11:55 AM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill is internally consistent: it implements a local file-based queue for WorkBuddy↔Hermes messaging and its code, instructions, and requirements match that purpose.
Guidance
This skill is coherent and implements a local file queue; the main things to check before installing:
1. Confirm the Hermes-side consumer (process_queue or other Hermes skills) does NOT execute arbitrary 'command' messages or automatically write/execute files — if it does, that creates execution risk.
2. Ensure the queue directory (~/.hermes/shared/communication or your custom HERMES_COMM_QUEUE_DIR) has appropriate file permissions and is not shared with untrusted users/processes.
3. Be aware queue file writes are simple JSON file writes without locking — concurrent writers/readers could cause corruption; use only in single-user environments or add locking.
4. The repo contains duplicate temp-repo2 files (likely packaging leftovers); they are redundant but harmless.
If you will send sensitive data, avoid this channel unless you add encryption or a safer transport and verify the consumer's behavior.

Review Dimensions

Purpose & Capability
ok · Name/description claim a local file-queue bridge and the package contains Python scripts that create/read/write ~/.hermes/shared/communication/queue.json and provide CLI helpers — these requirements align with the stated purpose. The duplicated temp-repo2 files appear to be packaging duplicates, not extra capabilities.
Instruction Scope
note · SKILL.md instructs only to read/write the shared queue files and run included scripts — scope matches the bridge purpose. Note: the message schema includes types 'command' and 'file'; this skill itself only stores messages and does not execute commands or transfer files, but those message types could enable dangerous behavior if the Hermes side (or any consumer) executes message contents. Review the Hermes-side consumer before trusting messages that carry commands or file payloads.
Install Mechanism
ok · No install spec (instruction-only); code files are bundled with the skill. Nothing is downloaded from external URLs or written to nonstandard system locations beyond the user home directory; no packaging/install scripts are included.
Credentials
ok · The code optionally respects a single env var (HERMES_COMM_QUEUE_DIR) to override the queue location; SKILL.md and files request no credentials or unrelated environment variables. Config files contain a hard-coded example path (/Users/liubo) which is benign but user-specific.
Persistence & Privilege
ok · Skill is not always-enabled and uses normal autonomous invocation defaults. It stores queue files under the user's home directory (creates ~/.hermes/shared/communication), which is appropriate for its function and does not modify other skills or system-wide settings.