Back to skill
Skillv2.1.0
VirusTotal security
Hermes Memory Bridge · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 20, 2026, 11:56 AM
- Hash
- 274cd4e5e533ad31118f2a0ce242987f4f445a0aea7e8ba6279e9b0fc62a0c1a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: hermes-memory-bridge Version: 2.1.0 The skill implements a complex inter-agent communication bridge with background persistence via a macOS launchd agent (install_v2.sh). It features a 'closed-loop command system' where one agent can trigger execution on another via task_processor.py, which uses subprocess.run to execute Python code with parameters that are not strictly sanitized, posing a command injection risk. While the code includes basic sanitization against prompt injection in memory_writer.py and the functionality aligns with the stated purpose of bridging Hermes and WorkBuddy, the combination of persistence, cross-agent execution, and high-privilege access to agent databases (queries.py) warrants a suspicious classification.
- External report
- View on VirusTotal