Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Hermes Agent Integration
v1.0.0
Hermes Agent Integration for OpenClaw. Connect OpenClaw with NousResearch Hermes Agent (53K stars) for self-improving AI capabilities. Triggers: hermes agent...
by @sky-lv
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (high confidence)
Purpose & Capability
The SKILL.md describes integrating OpenClaw with NousResearch Hermes Agent, which is coherent with the skill name. However the skill metadata declares no required env vars, binaries, or install steps while the instructions clearly require running external installers, git cloning repos, and configuring messaging platform tokens. The lack of declared requirements (e.g., TELEGRAM_BOT_TOKEN, DISCORD_BOT_TOKEN, npm/node for npx) is inconsistent with the described functionality.
Instruction Scope
The runtime instructions instruct the agent/user to run high-impact commands: curl https://raw.githubusercontent.com/…/install.sh | bash, git clone of third-party repos, and npx ao run. They reference storing tokens in config (e.g., ${TELEGRAM_BOT_TOKEN}, ${DISCORD_BOT_TOKEN}) and modifying OpenClaw config and ~/.hermes. These steps go beyond simple in-agent guidance and can download and execute arbitrary code, alter local configuration, and grant network access to messaging platforms.
Install Mechanism
There is no formal install spec, but SKILL.md advises a curl | bash from a raw.githubusercontent.com URL and cloning external repositories (jnMetaCode/agency-agents-zh). Curl-and-pipe and arbitrary git clones are high-risk install mechanisms because they fetch and execute remote code without verification. While GitHub is a known host, piping remote scripts to a shell is unsafe without verification (checksums/signing).
Credentials
Registry metadata declares no required environment variables or primary credential, yet the instructions reference TELEGRAM_BOT_TOKEN and DISCORD_BOT_TOKEN in examples and YAML config. The skill also mentions many model providers and platforms (Nous Portal, OpenRouter, etc.) implying additional credentials may be needed. This mismatch (declared none vs. used multiple) is a clear proportionality and transparency issue.
Persistence & Privilege
The always flag is false (good). The instructions expect modifying the OpenClaw plugin config and creating ~/.hermes and scheduled tasks, which is typical for an integration but does grant a persistent presence (config files, cron-like scheduler). Combined with the external installs, this persistence increases risk; the metadata does not document these filesystem/config changes.
What to consider before installing
This skill appears to genuinely describe integrating Hermes Agent, but the SKILL.md asks you to download and execute remote install scripts (curl | bash), clone third-party repos, run npx, and store messaging tokens — yet the registry metadata lists no required credentials or install steps. Before installing:
1) Do not blindly run curl | bash; fetch install.sh and review its contents and hashes locally.
2) Verify the authenticity of the referenced GitHub repos and that they are the official projects.
3) Confirm which environment variables and credentials are actually required and why; prefer creating tokens with minimal scopes.
4) Run the installation in a sandbox or VM, and avoid running as root.
5) Ask the skill author to declare required env vars, binaries (node/npm), and filesystem/config changes in the metadata, and to provide cryptographic checksums or releases instead of piping raw scripts to a shell.
If you cannot verify the external sources or the install scripts, do not install.
