ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hermes For Win

v1.1.0

一键安装、部署和管理 hermes Agent 和 hermes-webui 在 Windows 系统上,包括开机自启动、后台常驻和自动更新功能。调用时机:当 Windows 用户想要快速安装和配置 hermes 生态时。

0· 135·0 current·0 all-time
byAI花生@edwardwason

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for edwardwason/hermes-for-win.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Hermes For Win" (edwardwason/hermes-for-win) from ClawHub.
Skill page: https://clawhub.ai/edwardwason/hermes-for-win
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install hermes-for-win

ClawHub CLI

Package manager switcher

npx clawhub@latest install hermes-for-win
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to install and manage a Windows/WSL-based hermes environment (reasonable), but the package contains only documentation (SKILL.md and README) and no actual scripts or download URLs. The README references downloading releases from GitHub and copying scripts into WSL, yet the skill provides no source, repo links, or binaries — an incoherence between claimed capability and provided artifacts.
!
Instruction Scope
Runtime instructions tell the agent/user to run install-hermes.ps1 and other scripts from .trae\skills\hermes-for-win\scripts, to configure Task Scheduler for auto-start, and to read/write files under WSL (/root/.hermes/.env, ~/hermes_logs). Those actions grant persistent, high-privilege presence and involve credential storage, but the actual scripts that implement these actions are absent, so the true behavior is unknown.
Install Mechanism
There is no install spec in the registry (instruction-only skill). README asserts downloads and self-updates from GitHub releases but provides no repository URL or checksums. Self-updating from an unspecified remote is a risk because it could pull arbitrary code; lack of a trusted, traceable source is a red flag.
!
Credentials
The skill declares no required environment variables or credentials, yet README mentions API keys stored in WSL at /root/.hermes/.env and a scheduled task that runs with the user's highest privileges. This mismatch (credentials used but not declared) and the storage of secrets under root are disproportionate and opaque.
!
Persistence & Privilege
The skill's documented behavior includes creating a Windows Scheduled Task running as the user with highest privileges and placing startup scripts in WSL root. While persistence may be necessary for a service, persistent high-privilege auto-start combined with unspecified download/update sources increases the attack surface.
What to consider before installing
Do not run or install this skill yet. The package lacks the scripts it claims to provide and offers no authoritative download/source (GitHub repo link, release checksums, or signatures). Before using it ask the publisher for: (1) the exact repository or release URLs and cryptographic checksums/signatures for binaries/scripts; (2) the actual install scripts so you or a reviewer can audit them; (3) clarification of what credentials are required and how/where they are stored; and (4) whether the scheduled task must run with highest privileges. If you proceed, test in an isolated VM, inspect all scripts for network calls and credential exfiltration, and avoid running auto-update features until the source is verified.

Like a lobster shell, security has layers — review code before you run it.

latestvk971w60n57yscx0nxphm12z8z1852n55
135downloads
0stars
2versions
Updated 1w ago
v1.1.0
MIT-0
AI花生@edwardwason
latest
Download

hermes-for-win

在 Windows 系统上一键安装、部署和管理 hermes Agent 和 hermes-webui,让你轻松拥有完整的 hermes 生态!

功能特性

  • 🚀 一键安装 - 自动下载并配置 hermes Agent 和 hermes-webui
  • 🔧 开机自启 - Windows 登录时自动启动服务
  • 💻 后台运行 - 无窗口后台常驻运行
  • 🔄 自动更新 - 支持一键检查并更新到最新版本
  • 📊 状态监控 - 查看服务运行状态和日志

快速开始

前置要求

  1. Windows 10/11 (64位)
  2. WSL2 已启用并安装 Ubuntu
  3. 至少 4GB 可用内存

安装步骤

  1. 下载并运行 install-hermes.ps1
  2. 按照提示输入配置信息
  3. 等待安装完成
  4. 访问 http://localhost:8787 即可使用

使用指南

查看服务状态

cd .trae\skills\hermes-for-win\scripts
.\check-status.ps1

手动启动/停止服务

.\start-services.ps1
.\stop-services.ps1

更新到最新版本

.\update-hermes.ps1

配置开机自启

.\setup-autostart.ps1

目录结构

hermes-for-win/
├── SKILL.md              # 本文件
├── scripts/              # 所有脚本
│   ├── install-hermes.ps1       # 一键安装脚本
│   ├── start-services.ps1       # 启动服务
│   ├── stop-services.ps1        # 停止服务
│   ├── check-status.ps1         # 查看状态
│   ├── update-hermes.ps1        # 更新脚本
│   └── setup-autostart.ps1      # 配置开机自启
└── references/           # 参考文档
    └── README.md

故障排查

如果遇到问题,请检查:

  1. WSL2 是否正常运行
  2. 端口 8787 是否被占用
  3. 查看日志文件:~/hermes_logs/

许可证

MIT License

Comments

Loading comments...