Hermes Learning

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local Hermes-to-WorkBuddy learning sync skill, but it can persistently change WorkBuddy memory.

Install only if you want Hermes learning summaries to modify WorkBuddy's persistent memory. Review ~/.hermes/shared/memory_summary.json and workbuddy_feedback.json first, back up ~/.workbuddy/memory/evolution.db if it matters, and avoid automatic scheduled use unless you are comfortable with ongoing memory updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation advertises commands that read from and write to multiple local files and a SQLite database, but the skill metadata does not declare any permissions. This creates a transparency and consent gap: users or host systems cannot accurately assess that the skill can access persistent memory and modify local state before use.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script unconditionally targets a global WorkBuddy database under the user's home directory and persists Hermes-derived content there, crossing component boundaries without isolation or consent. In a skill that ingests potentially adversarial learning material, this creates a durable trust-contamination risk: untrusted external data becomes long-lived global memory that may influence unrelated future behavior.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill describes syncing data among memory_summary.json, workbuddy_feedback.json, strategies.json, and evolution.db without any user-facing notice that local state will be modified or that historical/behavioral data may be persisted. That omission can lead to silent data modification, privacy surprises, and unintended retention of sensitive agent outputs.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The documented bidirectional feedback flow between Hermes and WorkBuddy implies sharing data across agents, but no warning or consent mechanism is described. Cross-agent transfer can expose prompts, memory summaries, behavioral feedback, or other sensitive context beyond the user's expectations, increasing privacy and data leakage risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code creates persistent directories/files and writes to a global SQLite database automatically at import/runtime, with no confirmation, dry-run mode, or prominent disclosure. Silent persistence of externally sourced learning data increases the chance of accidental long-term state modification, especially if the upstream shared files are manipulated or contain harmful instructions/content.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script reads shared feedback from another component and writes a derived report back into a shared directory without trust checks, schema validation, or user awareness. This cross-component data flow can leak operational metadata and lets one component influence another through shared persistent files, which is risky in an agent ecosystem where inputs should be treated as untrusted.

VirusTotal

No VirusTotal findings