Hermes Memory Sync

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it locally summarizes Hermes chat logs into persistent Markdown memory files, but those files should be treated as sensitive.

Install only if you intentionally want Hermes session history copied into local Markdown memory files. Avoid running it on sessions containing secrets, regulated data, or proprietary material unless the output directory is protected, and enable the daily cron job only if ongoing automatic collection is intended.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The script persists conversation-derived content into markdown files, including raw user questions, assistant replies, topics, and inferred preferences, with no consent flow, data minimization, or sensitivity filtering. In a memory-sync skill, this creates a real privacy/security risk because sensitive session content may be stored long-term in a more accessible plaintext location than the original logs.

Ssd 3

Medium

Confidence: 96% confidence
Finding: The memory files include direct excerpts of user prompts and assistant responses in plain markdown, which can preserve secrets, credentials, personal data, or proprietary content in a durable and human-readable form. This increases exposure because the derived files may be easier to browse, sync, back up, index, or accidentally share than the original session logs.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal