Skill v1.0.0
ClawScan security
Hermes Agent Integration · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 24, 2026, 10:01 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's documented purpose (integrating Hermes Agent with OpenClaw) matches the instructions, but the runtime instructions ask you to run remote install scripts and to provide service tokens that are not declared in the skill metadata — that mismatch and the use of third‑party repos warrant caution.
- Guidance: This skill is plausible for integrating Hermes with OpenClaw but has several transparency gaps and moderately risky install steps. Before installing: (1) Inspect any remote install script (the raw.githubusercontent.com URL) — do NOT run curl | bash blindly. (2) Review the agency-agents-zh repo and its install script; it is a third‑party repo, not clearly an official NousResearch artifact. (3) Be aware the SKILL.md references TELEGRAM_BOT_TOKEN and DISCORD_BOT_TOKEN and other provider credentials that the registry did not declare — only provide tokens you trust and consider creating limited-scope/test credentials. (4) Prefer installing in an isolated environment (container or VM) or reviewing scripts locally, and back up your OpenClaw config (~/.openclaw or equivalent) before enabling autoSpawn or modifying plugin configs. (5) If you need higher assurance, ask the skill author for signed releases or an explicit install manifest and for the list of exact permissions the installed components will need.
Review Dimensions
- Purpose & Capability (note): The name/description and the SKILL.md are consistent: the document describes installing Hermes Agent and integrating it with OpenClaw. However, the skill instructs cloning a third‑party repository (jnMetaCode/agency-agents-zh) and installing many components (pip packages, npx tools) not mentioned in the short registry description. This expands the footprint beyond a minimal integration; it is to be expected for this kind of integration, but it is notable.
- Instruction Scope (concern): SKILL.md contains explicit runtime instructions to run remote install scripts (curl | bash), pip install packages, git clone and execute install scripts, and configure tokens (e.g., TELEGRAM_BOT_TOKEN, DISCORD_BOT_TOKEN) and a home config path (~/.hermes). The registry metadata declared no required env vars or install steps, yet the instructions reference environment variables and mutate user config and the filesystem. The instructions therefore ask for actions and secrets not declared in the skill metadata and direct execution of remote code — this is a scope and transparency concern.
- Install Mechanism (note): There is no formal install spec in the registry (instruction-only). The instructions recommend running a script from raw.githubusercontent.com (a well-known host), pip installing packages, and cloning a third‑party GitHub repo. While GitHub raw and PyPI are common distribution points, piping remote scripts to bash and running third‑party install scripts carries nontrivial risk; users should review those scripts before running them.
- Credentials (concern): Registry metadata lists no required environment variables or credentials, but the SKILL.md expects service tokens (TELEGRAM_BOT_TOKEN, DISCORD_BOT_TOKEN) and implies credentials for model providers (nous-portal, OpenRouter, etc.). This mismatch (undeclared secrets) is disproportionate and reduces transparency — the skill will require secrets to operate but does not declare them in metadata.
- Persistence & Privilege (note): The skill does not set always:true and is user-invocable (normal). However, the integration directs creating ~/.hermes, suggests enabling autoSpawn in the OpenClaw config, and describes cross-session memory and cron scheduling. That implies persistent storage and background scheduled activity; these are reasonable for this integration but increase long‑term persistence and potential impact — the user should expect files and scheduled tasks to be created.
