HERMES - AI Agent 协作进化系统
Security checks across malware telemetry and agentic risk
Overview
The package does not show theft or destructive behavior, but it claims to include core HERMES modules that are missing from the artifact, so the advertised behavior cannot be reviewed or run as shipped.
Review before installing. The visible package appears incomplete rather than overtly malicious, but you should ask the publisher for the missing hermes-* module source and corrected CLI metadata before running it or connecting it to real agent workflows, private data, or trusted automation.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
62/62 vendors flagged this skill as clean.