Back to skill
Skillv1.0.0
VirusTotal security
Hermes Agent Integration · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 24, 2026, 10:01 PM
- Hash
- 9d0b59dc7cf881949964c36eaf401c93ce439b608f4e1441a7efd30161e2e193
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: hermes-agent-integration Version: 1.0.0 The skill bundle relies on high-risk execution patterns, specifically instructing the AI agent or user to perform `curl | bash` operations and execute installation scripts from external repositories (e.g., `github.com/NousResearch/hermes-agent` and `github.com/jnMetaCode/agency-agents-zh`). While these appear to be legitimate AI tool integrations, the use of unverified remote script execution and the handling of sensitive credentials (Telegram/Discord tokens) in SKILL.md poses a significant risk of Remote Code Execution (RCE) and supply chain compromise.
- External report
- View on VirusTotal