Skylv Hermes Agent Integration

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it asks users to enable powerful self-learning automation with memory, scheduled jobs, subagents, and remote installers without enough boundaries.

Install only if you trust the Hermes and agency-agents sources and are comfortable with a self-learning agent that can remember conversations, create reusable skills, run scheduled tasks, and use external providers. Review remote install scripts before running them, prefer pinned releases or a sandbox, keep memory/scheduler/autoSpawn disabled until explicitly needed, and use tightly scoped bot tokens.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrases are broad enough to activate on generic mentions of Hermes, Nous, self-improvement, or multi-agent topics, which can cause the skill to run when the user did not explicitly request this integration. In this skill’s context, unintended activation is more risky because the skill promotes spawning subagents, using memory search, and integrating external tooling, amplifying the consequences of accidental invocation.

Missing User Warnings

High

Confidence: 95% confidence
Finding: The description highlights cross-session memory, history search, and user modeling as benefits but does not warn users that these features can collect, retain, and profile personal or sensitive data. This is especially dangerous in an agent integration skill because users may enable it expecting better automation without understanding the privacy and retention implications.

Missing User Warnings

Medium

Confidence: 98% confidence
Finding: Piping a remote script directly into bash executes unreviewed code from a network source with no integrity verification, pinning, or warning. In this context the danger is elevated because the skill is aimed at installing an agent platform with broad automation capabilities, so a compromised or changed installer could immediately gain code execution on the user’s system.

VirusTotal

No VirusTotal findings

View on VirusTotal