Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Hermes Upgrade
v1.0.3 · Hermes Agent complete manual: a full guide covering installation, configuration, deployment, operations, and troubleshooting of common problems
⭐ 0 · 63 · 0 current · 1 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The skill's name and description (Hermes upgrade/deploy) align with the instructions it provides: checking releases, downloading a tarball from GitHub, pip-installing, migrating config, and adding a systemd service. However, the guide assumes a system-wide, root installation (it writes to /etc/systemd/system and /root and enables services), and its example config points to an external base_url (coding.dashscope.aliyuncs.com) and an API key environment variable (OPENROUTER_API_KEY) that are not documented in the registry metadata. These are plausible for some deployments, but the metadata does not justify them.
Instruction Scope
SKILL.md contains many concrete shell commands that touch system-wide resources: modifying ~/.gitconfig, downloading and extracting archives, pip-installing, copying auth.json and .env from an OLD_HERMES_DIR, writing /etc/systemd/system/hermes-gateway.service, enabling and starting systemd services, and creating /root/.cache and /root/.hermes. It also tells the user to copy auth.json (which may contain credentials) without prompting them to inspect or redact secrets. The guide references an environment variable name (OPENROUTER_API_KEY) and feishu app_id/app_secret placeholders that are not declared elsewhere. Overwriting a user's ~/.gitconfig and copying potentially sensitive files go beyond passive guidance and should not be run blindly.
Install Mechanism
No install spec or code files are executed by the skill itself; it is instruction-only. The guide instructs the user to download a GitHub release tarball with curl and install it with pip, which is expected for this purpose. Because the skill only provides commands (no embedded downloads or installers), the install-spec risk from the registry side is low.
Credentials
Registry metadata declares no required environment variables, but SKILL.md references OPENROUTER_API_KEY and shows placeholders for feishu app_id/app_secret and allowed_users. It also instructs copying auth.json and .env (files that often contain secrets) without any guidance on exposing or redacting sensitive values. The skill additionally modifies ~/.gitconfig, setting the username and email to OpenClaw, which is an unexpected change to the user's identity config. These undeclared credential and environment references are disproportionate to the metadata and should be made explicit to users.
Persistence & Privilege
While always:false and autonomous invocation are normal, the steps require elevated privileges (writing /etc/systemd/system, enabling services, creating files under /root) and create a persistent systemd service that restarts automatically. The registry entry does not state that root permissions are required, and the instructions include actions that persist across reboots and affect system-wide behavior. Users should only run them with explicit consent and an understanding of the privilege changes involved.
What to consider before installing
This skill is an instruction-only upgrade guide that largely matches its stated purpose, but it performs system-wide, root-level changes and references undeclared credentials and config values. Before running any commands:
1. Review every command line by line instead of running the whole script.
2. Do not blindly overwrite your ~/.gitconfig or copy auth.json/.env without inspecting them for secrets.
3. Prefer running in a test VM or container first.
4. Confirm the GitHub repository and release URL you will download from (the guide uses NousResearch/hermes-agent) and verify the tarball checksum if one is published.
5. Check the example base_url (coding.dashscope.aliyuncs.com) and the OPENROUTER_API_KEY usage, and make sure you understand where credentials would be sent.
6. Back up existing configs and service unit files so you can roll back.
If you need a lower-privilege installation, adapt the steps to a per-user install and avoid writing to /etc or /root.
Like a lobster shell, security has layers: review code before you run it.
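The pre-flight checks above can be scripted so they run before any of the guide's commands. The following is an added example written for this page, not code from the ClawHub skill or the Hermes project: it verifies a downloaded tarball against a checksum obtained out of band, prints a redacted preview of an env-style file such as .env so its keys can be reviewed without echoing the secrets, backs up a config file before it is overwritten, and derives a per-user systemd unit path in place of /etc/systemd/system. The file names, the sample .env contents and the hermes-gateway unit name are assumptions made for the demo; the tarball and checksum are constructed locally, so nothing is downloaded.

```shell
#!/bin/sh
# Added example, not part of the skill or the Hermes project.
# Pre-flight checks to run before following a root-level upgrade guide.
set -eu

# Portable SHA-256 of a file (coreutils sha256sum or BSD shasum).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_tarball FILE EXPECTED_SHA256: succeeds only if the digests match.
# EXPECTED_SHA256 must come from the release page, not from the tarball host.
verify_tarball() {
  actual=$(sha256_of "$1")
  [ "$actual" = "$2" ]
}

# mask_env_line 'KEY=VALUE': keep the key and the first 4 chars of the value
# so a reviewer can see what is set without the secret landing in a log.
# Lines without '=' (comments, blanks) pass through unchanged.
mask_env_line() {
  key=${1%%=*}
  val=${1#*=}
  if [ "$key" = "$1" ]; then
    printf '%s\n' "$1"
  else
    printf '%s=%.4s****\n' "$key" "$val"
  fi
}

# Redacted preview of an env-style file (.env, exported auth values).
preview_env_file() {
  while IFS= read -r line || [ -n "$line" ]; do
    mask_env_line "$line"
  done < "$1"
}

# backup_config FILE: timestamped copy next to the original; prints its path.
backup_config() {
  bak="$1.bak.$(date +%Y%m%d%H%M%S)"
  cp -p "$1" "$bak"
  printf '%s\n' "$bak"
}

# user_unit_path NAME: per-user unit location (systemctl --user) instead of
# /etc/systemd/system, so the service needs no root and is not system-wide.
user_unit_path() {
  printf '%s/.config/systemd/user/%s.service\n' "${HOME:-/tmp}" "$1"
}

# --- constructed demo data; none of this comes from the guide ---
demo=$(mktemp -d)
printf 'OPENROUTER_API_KEY=sk-or-demo-1234567890\n# feishu placeholders\nFEISHU_APP_SECRET=abcdef123456\n' > "$demo/.env"
printf 'hermes-agent demo payload\n' > "$demo/hermes.tar.gz"
published=$(sha256_of "$demo/hermes.tar.gz")   # stand-in for the published digest

verify_tarball "$demo/hermes.tar.gz" "$published" && echo "tarball checksum ok"
echo "redacted .env preview:"
preview_env_file "$demo/.env"
echo "backup written to $(backup_config "$demo/.env")"
echo "per-user unit path: $(user_unit_path hermes-gateway)"
```

Run it with `sh` before touching the real files: replace `$demo/hermes.tar.gz` and `$published` with the downloaded tarball and the digest from the release page, and point `preview_env_file` and `backup_config` at the OLD_HERMES_DIR files the guide copies. If `verify_tarball` fails, stop there; a mismatch means the archive is not the one that was published.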
latest: vk97da2kd61fz4tmggjngfacekh84mmmp
