Skill v2.1.0
ClawScan security
Hermes Memory Bridge · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Apr 20, 2026, 11:54 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The code and instructions largely match a local file-based Hermes↔WorkBuddy memory bridge, but registry/metadata inconsistencies and included install/daemon scripts mean you should review what will be written to your home directory and any install script before running it.
- Guidance: This package appears to implement a local, file-based bridge and generally matches its description, but there are a few things to check before installing:
  - The registry metadata claims 'instruction-only', yet the skill includes many Python modules and install_v2.sh. Inspect install_v2.sh (and any plist or system service it creates) before running it.
  - Expect the skill to read/write under ~/.hermes/shared and to search under your WorkBuddy project directories; that means it will access personal memories, logs, and the Hermes DB. If those files are sensitive, back them up and consider whether you want the bridge to have that access.
  - The code does not contact external network endpoints in the reviewed snippets, but double-check any remaining/truncated files (and the install script) for network calls or credential usage.
  - If you want to proceed: run the Python files in a controlled environment first (or inspect them thoroughly), and run the install script manually rather than blindly.
  If you need, provide the contents of install_v2.sh or the omitted files and I can re-check them for network calls, credential exfiltration, or other suspicious behavior.
Review Dimensions
- Purpose & Capability (ok): Name/description describe a local Hermes↔WorkBuddy memory bridge; the code reads/writes shared files under ~/.hermes and discovers WorkBuddy directories, implements signals/queues and search/sync — all coherent with the stated purpose. No network endpoints or unrelated cloud credentials are requested in the inspected files.
- Instruction Scope (note): SKILL.md and the scripts instruct the agent/user to read and write files under HERMES_HOME and WorkBuddy directories, run various Python scripts, and use an install script; these actions are necessary for a file-based bridge but will access user memory files and logs. The instructions are fairly specific (not open-ended), but they do allow scanning of WorkBuddy project directories and reading Hermes DB/memory files.
- Install Mechanism (concern): The registry lists no install spec (marked instruction-only), but the package contains many executable Python modules and an install_v2.sh plus explicit daemon/launchctl instructions in SKILL.md. That mismatch is concerning: either the registry metadata is incomplete or the skill expects manual installation of files and system service setup. Review install_v2.sh before running; it may create persistent background processes and modify user launch services.
- Credentials (note): The skill does not require external API keys or secrets. It reads environment variables (HERMES_HOME, WORKBUDDY_HOME, WORKBUDDY_MEMORY_DIR, BRIDGE_LOG_LEVEL), which are reasonable for locating directories and configuring logging, but the registry declared 'required env vars: none' — these are optional overrides. The code will read user memory files and may iterate WorkBuddy directories (filesystem discovery), which is proportionate to its purpose but worth noting as access to private data.
- Persistence & Privilege (concern): Skill files include an install script, and SKILL.md references launching a daemon (launchctl). Although always:false (not force-installed), following the provided install steps will give the skill persistent background presence and file-system watchers. This matches the bridge's goal but increases blast radius; verify the install script and any launchctl plist before enabling.
